cluster/services/certificates: setfacl for extra groups doesn't apply properly #44

Closed
opened 2023-10-29 14:19:38 +02:00 by max · 1 comment
max commented 2023-10-29 14:19:38 +02:00 (Migrated from git.privatevoid.net)

Seems like it only applies to full.pem

# file: var/lib/acme/internal.privatevoid.net/cert.pem
# owner: acme
# group: nginx
user::rw-
group::r--
other::---

# file: var/lib/acme/internal.privatevoid.net/chain.pem
# owner: acme
# group: nginx
user::rw-
group::r--
other::---

# file: var/lib/acme/internal.privatevoid.net/fullchain.pem
# owner: acme
# group: nginx
user::rw-
group::r--
other::---

# file: var/lib/acme/internal.privatevoid.net/full.pem
# owner: acme
# group: nginx
user::rw-
group::r--
group:nginx:r--
group:kanidm:r--
mask::r--
other::---

# file: var/lib/acme/internal.privatevoid.net/key.pem
# owner: acme
# group: nginx
user::rw-
group::r--
other::---
Seems like it only applies to full.pem ```plaintext # file: var/lib/acme/internal.privatevoid.net/cert.pem # owner: acme # group: nginx user::rw- group::r-- other::--- # file: var/lib/acme/internal.privatevoid.net/chain.pem # owner: acme # group: nginx user::rw- group::r-- other::--- # file: var/lib/acme/internal.privatevoid.net/fullchain.pem # owner: acme # group: nginx user::rw- group::r-- other::--- # file: var/lib/acme/internal.privatevoid.net/full.pem # owner: acme # group: nginx user::rw- group::r-- group:nginx:r-- group:kanidm:r-- mask::r-- other::--- # file: var/lib/acme/internal.privatevoid.net/key.pem # owner: acme # group: nginx user::rw- group::r-- other::--- ```
Owner

Fixed in 5a519d3a48

Fixed in 5a519d3a48bba9ac999ef2352d38e5b888a6efc7
max closed this issue 2024-07-10 03:15:31 +03:00
Sign in to join this conversation.
No milestone
No project
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: privatevoid.net/depot#44
No description provided.