Hi,

> In Debian, xrdp daemon is executed by xrdp user privilege. However,
> certificate's private key is not accessible by xrdp user.
> 
> Possible solutions are:
> - Adjust permission/owner of private key file to be accessible from xrdp user
> - Add xrdp user to ssl-cert group

Well, the third and only correct solution would be xrdp getting its own
mechanism for dropping privileges, so it could read the key as root and
then drop to the xrdp user.

For now, I think the local administrator should add xrdp to the ssl-cert
group if they want to use TLS. This is IMHO not a bug in the package,
because by default, xrdp also uses RDP security and adding daemon users
to ssl-cert is a common and well-known practice.

-nik

-- 
PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17  FD26 B79A 3C16 A0C4 F296

Dominik George · Hundeshagenstr. 26 · 53225 Bonn
Mobile: +49-1520-1981389 · https://www.dominik-george.de/

Teckids e.V. · FrOSCon e.V.
Fellowship of the FSFE · Piratenpartei Deutschland
Opencaching Deutschland e.V. · Debian Maintainer

LPIC-3 Linux Enterprise Professional (Security)
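
The approach named in the reply above (read the key as root, then drop to the unprivileged user), shown as an added C example; it is not xrdp's code and not part of the original message. The function names `open_key` and `drop_privileges` and the command-line arguments are assumptions made for illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE             /* initgroups(), O_NOFOLLOW, O_CLOEXEC */
#endif
#include <fcntl.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Open the key while still root; the descriptor stays readable after the drop. */
int open_key(const char *path)
{
    return open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
}

/* Permanently become `user`. Returns 0 on success, -1 on any failure. */
int drop_privileges(const char *user)
{
    struct passwd *pw = getpwnam(user);

    if (pw == NULL || pw->pw_uid == 0)
        return -1;              /* unknown account, or "dropping" to root */
    /* Order matters: groups first, then gid, then uid; after setuid() the
     * process may no longer change its groups. */
    if (initgroups(pw->pw_name, pw->pw_gid) != 0) return -1;
    if (setgid(pw->pw_gid) != 0) return -1;
    if (setuid(pw->pw_uid) != 0) return -1;
    /* Verify the drop is irreversible: regaining root must fail. */
    if (setuid(0) == 0 || getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
        return -1;
    return 0;
}

/* Usage (as root): ./a.out <key-file> <user>; both arguments are assumptions. */
int main(int argc, char **argv)
{
    char buf[4096];
    int fd;
    ssize_t n;

    if (argc != 3) { fprintf(stderr, "usage: %s <key-file> <user>\n", argv[0]); return 2; }
    fd = open_key(argv[1]);                 /* privileged step */
    if (fd < 0) { perror("open key"); return 1; }
    if (drop_privileges(argv[2]) != 0) { fprintf(stderr, "privilege drop failed\n"); return 1; }
    n = read(fd, buf, sizeof buf);          /* still works: fd was opened as root */
    close(fd);
    printf("running as uid %d, read %zd key bytes\n", (int)getuid(), n);
    return n < 0;
}
```

A daemon should treat a non-zero return from `drop_privileges` as fatal and exit rather than continue serving connections as root.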
