Uploaded image for project: 'Kopano Groupware Core'
  1. Kopano Groupware Core
  2. KC-684

spooler: cannot access SSL keyfile when directory has just +x

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Medium
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: 8.3.1, 8.3.1RC1
    • Component/s: None
    • Security Level: Public
    • Labels:
      None
    • Environment:
      8.4.0

      Description

      Kopano user is member of ssl-cert group, so spooler should be able to access the certificate;

      root@ms-ssl:/home# sudo -S -u kopano ls /etc/ssl/private/kopano/
      admin-ms-ssl.pem  ca-chain.crt  server.crt  server.key  server-ms-ssl.pem
      
      root@ms-ssl:/home# ls -adl /etc/ /etc/ssl/ /etc/ssl/private/ /etc/ssl/private/kopano/ /etc/ssl/private/kopano/admin-ms-ssl.pem
      drwxr-xr-x 88 root root      164 May 29 14:49 /etc/
      drwxr-xr-x  4 root root        5 May 29 14:42 /etc/ssl/
      drwx--x---  3 root ssl-cert    4 May 29 14:46 /etc/ssl/private/
      drwxr-xr-x  2 root root        7 May 29 14:46 /etc/ssl/private/kopano/
      -rw-r--r--  1 root root     6418 May 29 14:46 /etc/ssl/private/kopano/admin-ms-ssl.pem
      
      root@ms-ssl:/home# groups kopano
      kopano : kopano ssl-cert
      
      root@ms-ssl:/home# sudo -S -u kopano tail -3 /etc/ssl/private/kopano/admin-ms-ssl.pem
      S2yUmvIy+ar+B5KVv4aYeGVFlaTt3TrZkGWg4Z8NTsZH+txch7h3Y0SF9J/UQ17K
      1ODg9EkGN/XhTCdPBnnofq7CmCVBXeBRo14Uqg==
      -----END CERTIFICATE-----
      

      spooler.log

      Mon May 29 14:49:48 2017: [crit   ] [25986] Cannot access /etc/ssl/private/kopano/admin-ms-ssl.pem: Permission denied
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                mscheper Marc Scheper
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: