Bug#632068: inn2: errors in README.Debian description on SSL

2011-07-05 Thread Julien ÉLIE
Hi Florian,

    if (!S_ISREG(buf.st_mode) || (buf.st_mode & 0137) != 0
        || ((buf.st_mode & 0040) != 0 && buf.st_gid != getgid())) {
        syslog(L_ERROR, "bad ownership or permissions on private key"
               " '%s': private key must be mode 640 at most, and readable by the news "

2011-06-30 Thread Russ Allbery
Florian Schlichting writes:

>> > Then I suggest:
>>
>> > if (!S_ISREG(buf.st_mode) || (buf.st_mode & 0137) != 0
>> >     || ((buf.st_mode & 0040) != 0 && buf.st_gid != getgid())) {
>> >     syslog(L_ERROR, "bad ownership or permissions on private key"
>> >            " '%s': private key must be

2011-06-30 Thread Florian Schlichting
Hi,

> > Then I suggest:
>
> > if (!S_ISREG(buf.st_mode) || (buf.st_mode & 0137) != 0
> >     || ((buf.st_mode & 0040) != 0 && buf.st_gid != getgid())) {
> >     syslog(L_ERROR, "bad ownership or permissions on private key"
> >            " '%s': private key must be mode 640 at most, and readable

2011-06-29 Thread Russ Allbery
Julien ÉLIE writes:

> Then I suggest:

> if (!S_ISREG(buf.st_mode) || (buf.st_mode & 0137) != 0
>     || ((buf.st_mode & 0040) != 0 && buf.st_gid != getgid())) {
>     syslog(L_ERROR, "bad ownership or permissions on private key"
>            " '%s': private key must be mode 640 at most, and read

2011-06-29 Thread Julien ÉLIE
Hi Russ,

> At first glance, it seems to me like the news group is fairly trusted
> already by INN, and I'm missing why we should be worried about people in
> the news group being able to see the private key.

Yes, you're right.

> We should probably be slightly more paranoid and ensure that if th

2011-06-29 Thread Russ Allbery
Julien ÉLIE writes:

> I think the issue is that nnrpd tries to make sure that only the news
> user can read the private key. 400 news:news would also be fine (and it
> is not writable by the news user).

> When we have 640 root:news, other users in the news group can read the
> key. And not onl

2011-06-29 Thread Julien ÉLIE
Hi Russ,

>> README.Debian states:
>
>> The private key must have the correct permissions:
>
>> chown root:news /etc/news/key.pem
>> chmod 640 /etc/news/key.pem
>
>> But as nnrpd(8) clearly states, this must instead be
>
>> chown news:news /etc/news/key.pem
>

2011-06-29 Thread Russ Allbery
Florian Schlichting writes:

> the description in README.Debian on how to set up SSL for nnrpd is not
> correct, nnrpd will deny making use of key.pem given the ownership and
> permissions explicitly given to it.

> README.Debian states:

> The private key must have the correct permissions

2011-06-29 Thread Florian Schlichting
Package: inn2
Version: 2.5.2+20110413-1+b1
Severity: normal
found: 2.5.2-2~squeeze1

Hi,

the description in README.Debian on how to set up SSL for nnrpd is not
correct, nnrpd will deny making use of key.pem given the ownership and
permissions explicitly given to it.

README.Debian states: