cluster/services/certificates: setfacl for extra groups doesn't apply properly #44

New issue

Closed

opened 2023-10-29 14:19:38 +02:00 by max · 1 comment

max commented 2023-10-29 14:19:38 +02:00 (Migrated from git.privatevoid.net)

Copy link

Seems like it only applies to full.pem

# file: var/lib/acme/internal.privatevoid.net/cert.pem
# owner: acme
# group: nginx
user::rw-
group::r--
other::---

# file: var/lib/acme/internal.privatevoid.net/chain.pem
# owner: acme
# group: nginx
user::rw-
group::r--
other::---

# file: var/lib/acme/internal.privatevoid.net/fullchain.pem
# owner: acme
# group: nginx
user::rw-
group::r--
other::---

# file: var/lib/acme/internal.privatevoid.net/full.pem
# owner: acme
# group: nginx
user::rw-
group::r--
group:nginx:r--
group:kanidm:r--
mask::r--
other::---

# file: var/lib/acme/internal.privatevoid.net/key.pem
# owner: acme
# group: nginx
user::rw-
group::r--
other::---

Seems like it only applies to full.pem ```plaintext # file: var/lib/acme/internal.privatevoid.net/cert.pem # owner: acme # group: nginx user::rw- group::r-- other::--- # file: var/lib/acme/internal.privatevoid.net/chain.pem # owner: acme # group: nginx user::rw- group::r-- other::--- # file: var/lib/acme/internal.privatevoid.net/fullchain.pem # owner: acme # group: nginx user::rw- group::r-- other::--- # file: var/lib/acme/internal.privatevoid.net/full.pem # owner: acme # group: nginx user::rw- group::r-- group:nginx:r-- group:kanidm:r-- mask::r-- other::--- # file: var/lib/acme/internal.privatevoid.net/key.pem # owner: acme # group: nginx user::rw- group::r-- other::--- ```

max commented 2024-07-10 03:15:31 +03:00

Owner

Copy link

Fixed in 5a519d3a48

Fixed in 5a519d3a48bba9ac999ef2352d38e5b888a6efc7

max closed this issue 2024-07-10 03:15:31 +03:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

pr-consul-acl

pr-flake-update

staging

pr-hci-no-ifd

pr-simulacrum-stage-6

pr-frangiclave

attic-ha

pg-auto-migrations

pkg-ircbot

d2n-bug-symlink-bin

No results found.

Labels

Clear labels   

bug

  

dependencies

  

documentation

  

duplicate

  

enhancement

  

good first issue

  

help wanted

  

invalid

  

new feature

  

project/hyprspace

  

project/ircbot

  

project/monitoring

  

question

  

security

  

wontfix

No labels

bug

dependencies

documentation

duplicate

enhancement

good first issue

help wanted

invalid

new feature

project/hyprspace

project/ircbot

project/monitoring

question

security

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

2 participants

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: privatevoid.net/depot#44

No description provided.