Issue #23004 has been updated by Jeremy Bouse.

This would be extremely helpful to get included. This causes an endless battle 
over ownership when trying to allow PuppetDB to read the certs & key from 
puppet rather than copying and having duplicate copies of the same file on the 
system.

----------------------------------------
Feature #23004: Change default private key permissions to permit group read
https://projects.puppetlabs.com/issues/23004#change-100137

* Author: Dominic Cleal
* Status: Unreviewed
* Priority: Normal
* Assignee: 
* Category: settings
* Target version: 
* Affected Puppet version: 
* Keywords: ssl, settings, keys
* Branch: 
----------------------------------------
The SSL private_keys directory and .pem file currently have default permissions 
that prevent 'puppet' group read access.  It would be useful to third-party 
applications that share the SSL infra (i.e. PuppetDB and Foreman) if the 
defaults permitted group read, so the app users could be added to the 'puppet' 
group.

Currently in Foreman, we use the following puppet.conf definition:

    privatekeydir = $ssldir/private_keys { group = service }
    hostprivkey = $privatekeydir/$certname.pem { mode = 640 }
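
Added example (not part of the original issue and not Puppet's own code): a Ruby check that a private key directory and key file match the group-read layout requested above without becoming world-accessible. The names `audit_key_perms` and `group_name` are hypothetical, and requiring group execute on the directory is an assumption of this check, since the page only sets `group` for the directory and `mode = 640` for the file.

```ruby
require 'etc'

# Resolve a gid to a group name; fall back to the numeric gid when the
# system has no entry for it.
def group_name(gid)
  Etc.getgrgid(gid).name
rescue ArgumentError
  gid.to_s
end

# Hypothetical helper: returns a list of findings, empty when the layout
# permits group read and nothing more.
def audit_key_perms(key_dir, key_file, expected_group)
  findings = []
  [key_dir, key_file].each do |path|
    unless File.exist?(path)
      findings << "#{path}: missing"
      next
    end
    st = File.stat(path)
    mode = st.mode & 0o7777
    shown = format('%04o', mode)
    # A directory needs group execute to be traversed; the key needs group read.
    needed = st.directory? ? 0o010 : 0o040
    findings << "#{path}: world-accessible (mode #{shown})" if mode & 0o007 != 0
    findings << "#{path}: group-writable (mode #{shown})" if mode & 0o020 != 0
    findings << "#{path}: group cannot read (mode #{shown})" if mode & needed != needed
    actual = group_name(st.gid)
    if actual != expected_group
      findings << "#{path}: group is #{actual}, expected #{expected_group}"
    end
  end
  findings
end

# Command-line use: ruby audit.rb <privatekeydir> <hostprivkey> <group>
if __FILE__ == $PROGRAM_NAME && ARGV.size == 3
  results = audit_key_perms(*ARGV)
  puts(results.empty? ? 'OK' : results)
  exit(results.empty? ? 0 : 1)
end
```

A key left at mode 600 is reported as "group cannot read", and a key at mode 644 is reported as world-accessible.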

