Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

It's too easy to break Exim by changing ssl certificate ownership. #47

Open
patch0 opened this issue Jun 13, 2017 · 1 comment
Open

It's too easy to break Exim by changing ssl certificate ownership. #47

patch0 opened this issue Jun 13, 2017 · 1 comment
Labels
bug
Milestone
buster release

Comments

@patch0
Copy link
Contributor

patch0 commented Jun 13, 2017

Pretty much everything in /srv/ is owned by admin:admin, so it's tempting to run something like "chown -R admin:admin /srv". The problem is that Exim certificates lie in /srv//config/ssl/sets and Debian-exim (the user that runs Exim) is not a member of the admin group, so this is an awkward fact to learn and remember.

It might be better if the certificates were managed in /etc/ssl - from where they are currently, and tortuously symlinked.

Alternatively, if issue 38 https://gitlab.bytemark.co.uk/open-source/symbiosis/issues/38 is implemented, then I've made a suggestion for managing these certs.

Originally reported on Bytemark's Gitlab by @ieiloart on 2016-09-23T14:08:10.769Z
@patch0
Copy link
Contributor Author

patch0 commented Jun 13, 2017

I think a symbiosis-fix-permissions script would be useful here. Reorganising filesystem layout is quite a task to happen automatically.

Originally posted by @patch0 on 2017-01-25T08:59:13.442Z

@patch0 patch0 added the bug label Jul 10, 2017
@patch0 patch0 modified the milestone: buster+ Jul 20, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
buster release
Development

No branches or pull requests
1 participant
@patch0