Subject : Re: key / crt permissions constantly
From : hzcnjkx656 (at) *nospam* tormails.com (none)
Groups : comp.mail.sendmail
Date : 29. Jul 2024, 21:29:17
Other headers
Organization : A noiseless patient Spider
Message-ID : <v88qie$k7rl$1@dont-email.me>
References : 1 2
User-Agent : Mozilla Thunderbird
-rw-r--r--+ 1 acme root 1972 Jul 29 00:10 test.cer
Do you use that file as
KeyFile
File containing the private key for the certificate.
No is also the certificate (unless that changed in recent versions)
Besides that, who cares about certs, these are even distributed insecurely.
The error isn't about a cert, it's about "the private key".
No, because I was only changing permissions on the cert (unless it is changed in newer distros). But I think I saw this behaviour also on newer. Basically I can imagine maybe giving a warning on the key being o+r, but that also depends on parent dirs.
I also don't get why the owner needs to be root.
(I already have this
define(`confDONT_BLAME_SENDMAIL', `groupreadablekeyfile')dnl )
A "private key" shouldn't be readable by everyone.
My private key and cert are separate files.
If you need to "share" a private key between instances,
use group permissions.
Sendmail is reading keys/certs as root not? Before it drops privileges.
Anyway I prefer to see something where it is guaranteed that key and cert are loaded and used no matter what. I don't think it is any applications business to force how permissions are set on key/crt files.
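An added example, not part of the post and not sendmail's own safety check: a shell audit of a private key file for the conditions discussed in this thread (read access for others, group read, and whether the parent directories actually let other users reach the file). The function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a TLS private key file for the conditions raised in the thread.
# Function names are hypothetical; this is not sendmail's own safety check.

# has_mode PATH BITS: true when every permission bit in BITS is set on PATH.
has_mode() {
    [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

# reachable_by_others PATH: true when every ancestor directory grants o+x,
# i.e. an unrelated local user can traverse down to the file.
reachable_by_others() {
    dir=$(cd "$(dirname "$1")" && pwd -P) || return 1
    while :; do
        has_mode "$dir" 001 || return 1
        [ "$dir" = / ] && return 0
        dir=$(dirname "$dir")
    done
}

# audit_key PATH [yes|no]: the second argument says whether group read is accepted
# (the case the groupreadablekeyfile setting is for). Prints one finding per line
# and returns 0 only when nothing was found.
audit_key() {
    key=$1 allow_group=${2:-no} bad=0
    [ -f "$key" ] || { echo "missing: $key"; return 2; }
    if has_mode "$key" 004; then
        if reachable_by_others "$key"; then
            echo "EXPOSED: world-readable and reachable: $key"
        else
            echo "WARN: world-readable, shielded only by a parent directory: $key"
        fi
        bad=1
    fi
    if has_mode "$key" 020 || has_mode "$key" 002; then
        echo "WRITABLE: group or others can replace: $key"; bad=1
    fi
    if has_mode "$key" 040 && [ "$allow_group" != yes ]; then
        echo "GROUP: group-readable, not accepted here: $key"; bad=1
    fi
    return $bad
}
```

Source the file and call `audit_key` with the key path, adding `yes` as the second argument when group read is intended.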