Hi,

> My further test shows that CDP works correctly if the directory is owned by
> openxpki user.
> Previously it was owned by apache user/group with group writeable permission.
> openxpki user is a member of apache group. This did not work. I am not sure why,
> likely because the perl module does not honor the supplementary group permission.

This is expected behaviour: the group assignments in /etc/group are ignored by the OpenXPKI server process.

The reason is that the Net::Server base class we use in OpenXPKI requires explicit configuration of the Unix user and group to assume when daemonizing the server on startup, and it can also only assume one single group membership. See user and group in
https://metacpan.org/dist/Net-Server/view/lib/Net/Server.pod#user

So you should make sure that you plan a proper user/group/permission scheme for your runtime environment and allow write access for the configured Daemon user or group.

Hope this helps,

cheers

Martin

_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users
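
The behaviour described in the reply above can be checked before deployment. This is an added example, not part of the original thread or of OpenXPKI: it evaluates whether a process holding exactly one uid and one gid (no supplementary groups) can create files in a directory. The function names are hypothetical, and the check assumes plain mode bits only (no ACLs, no root).

```python
import os
import stat
import sys

def class_bits(st, uid, gid):
    """rwx bits that apply to a process holding exactly one uid and one gid.

    Assumption: no supplementary groups, no ACLs, uid is not 0 (root bypasses
    these checks). The owner class wins even if the group class grants more.
    """
    mode = stat.S_IMODE(st.st_mode)
    if st.st_uid == uid:
        return (mode >> 6) & 7
    if st.st_gid == gid:
        return (mode >> 3) & 7
    return mode & 7

def daemon_can_write(directory, uid, gid):
    """Return (ok, reason) for creating files in `directory` as uid/gid."""
    target = os.path.realpath(directory)
    # Collect the target and all ancestors up to the filesystem root.
    chain, path = [target], os.path.dirname(target)
    while path != chain[-1]:
        chain.append(path)
        path = os.path.dirname(path)
    # Every ancestor must be searchable (x) to reach the target at all.
    for ancestor in reversed(chain[1:]):
        if not class_bits(os.stat(ancestor), uid, gid) & 0o1:
            return False, f"no search permission on {ancestor}"
    # Creating a file needs write and search permission on the directory itself.
    if class_bits(os.stat(target), uid, gid) & 0o3 != 0o3:
        return False, f"no write+search permission on {target}"
    return True, "ok"

if __name__ == "__main__":
    # Usage: script.py DIRECTORY UID GID (numeric ids of the configured daemon user and group)
    ok, reason = daemon_can_write(sys.argv[1], int(sys.argv[2]), int(sys.argv[3]))
    print(reason)
    sys.exit(0 if ok else 1)
```

Pass the numeric uid and gid of the user and group configured for the daemon; a membership that exists only in /etc/group is deliberately not considered.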