Control: tag -1 unreproducible moreinfo

On Sat, May 20, 2017 at 07:25:03PM +0300, Alexander GQ Gerasiov wrote:
> dehydrated package by default creates private files with world-readable
> permissions.

That's not what it does around here, nor could I find anybody who had your
experience. One of the first things dehydrated does is to set an umask of
077, and then mktemp creates files with 600 by default anyway, indeed all
my files (public and private keys) are 600.

> How I got this:
> I installed dehydrated 0.3.1-3~bpo8+1
> Put my domain with subdomains to /etc/dehydrated/domains.txt and run
> # dehydrated -c
> as root user
> (I don't know whether it matters or not, but first runs failed because I did
> not set up challenge dir for all subdomains.)
>
> After certificates and keys were generated I found that files are
> readable by anyone in the system:
> dnsmasq@master:~$ ls -la /var/lib/dehydrated/certs/gerasiov.net/privkey*

In fact you shouldn't even be able to do this, the certs directories
should be 700...

Are you running with a weird umask (which shouldn't matter anyway), or a
mangled mktemp, or do you have (more likely) any hook misbehaving?

-- 
regards,
                        Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540      .''`.
more about me: https://mapreri.org                              : :'  :
Launchpad user: https://launchpad.net/~mapreri                  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-
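
A check for the condition discussed in this thread, as an added example that is not part of either message or of dehydrated itself: it lists private keys and per-domain directories that grant anything to group or other, and shows the mode mktemp gives a new file under a chosen umask. The `privkey*` name and the certs path come from the report; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a dehydrated-style certs tree for loose permissions.
# Assumed layout (from the report): CERTS_DIR/<domain>/privkey*
# Function names are hypothetical, not part of dehydrated.

# List entries under DIR matching the given find tests that grant any
# permission bit to group or other.
loose() {
    dir=$1; shift
    find "$dir" "$@" \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Private keys that are not owner-only (expected: 600).
find_exposed_keys() { loose "$1" -type f -name 'privkey*'; }

# Per-domain directories that are not owner-only (expected: 700).
find_open_dirs() { loose "$1" -mindepth 1 -type d; }

# Mode string of a file created by mktemp under the given umask.
# Runs in a subshell so the caller's umask is untouched.
tempfile_mode_under_umask() (
    umask "$1"
    f=$(mktemp) || exit 1
    ls -l "$f" | cut -c1-10
    rm -f "$f"
)

# Usage: sh audit.sh /var/lib/dehydrated/certs
if [ "$#" -eq 1 ]; then
    echo "current umask: $(umask)"
    echo "mktemp under umask 077: $(tempfile_mode_under_umask 077)"
    echo "keys readable beyond owner:";  find_exposed_keys "$1"
    echo "directories open beyond owner:"; find_open_dirs "$1"
fi
```

Empty output from both listings means the tree matches the 600/700 modes described in the reply.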