Hi Stefan,this looks like a problem with the installer - we just unpack the example config from an archive an do not adjust the user/permissions afterwards.
The openxpki user just needs read access to all of those, write access is not required. The config.d path and the ssl path are critical as they contain passwords and key material, so they should have very restrictive permissions (which is done by the installer).
The scep/soap/rpc/webui also needs to be readable by your webserver, as there is usually no sensitive data you can leave that with read-other permissions also.
I will also add a ticket to github to fix that in the next release. Oliver Am 27.12.2016 um 18:47 schrieb [email protected]:
Hi all, on a debian jessie server system i have as root openxpki installed as follows "sudo aptitude install libopenxpki-perl openxpki-i18n". After the installation I look at the rights in the directory openxpki "drwxr-x--- 4 openxpki root 4096 Jul 30 2014 config.d -rw-rw-r-- 1 1000 plex 3795 Jul 14 20:26 log.conf drwxrwxr-x 4 1000 plex 4096 Jul 30 2014 notification -rw-rw-r-- 1 1000 plex 1374 Apr 7 2016 README.md drwxrwxr-x 2 1000 plex 4096 Nov 14 12:38 rpc drwxrwxr-x 2 1000 plex 4096 Jul 14 20:26 sc drwxrwxr-x 2 1000 plex 4096 Jul 14 20:26 scep drwxrwxr-x 2 1000 plex 4096 Jul 14 20:26 soap drwxr-x--- 3 openxpki root 4096 Jul 30 2014 ssl drwxrwxr-x 2 1000 plex 4096 Jul 14 20:26 webui" Where does openxpki get these rights (user / group)? Do I have to adjust the permissions (user: 1000, group: plex)? What rights do I have to set? Thanks for replay, by Stefan Harbich ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
-- Protect your environment - close windows and adopt a penguin!
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
