Sujet : Re: key / crt permissions constantly
De : hquest (at) *nospam* hquest.pro.br (HQuest)
Groupes : comp.mail.sendmailDate : 29. Jul 2024, 17:26:21
Autres entêtes
Organisation : novaBBS
Message-ID : <606e8453d9bc0d885f51bd47750b77ce@www.novabbs.com>
References : 1 2
User-Agent : Rocksolid Light
On Mon, 29 Jul 2024 12:10:35 +0000, Marco Moock wrote:
Sometimes users have default permissions of o+r, which means other
users on the system can read the stuff. For key files, this is really,
really bad, so sendmail warns you.
Might be bad but this is also a problem when you have multiple daemons
running under different users/groups and they share one single
certificate and key, hence the reason for a o+r file. Sure, one can copy
those files everywhere on the filesystem and set up their permissions to
fit the application, but is this copy everywhere really the best
alternative?