On Fri, Jan 31, 2014 at 01:52:50PM +0100, Reindl Harald wrote:
>
> my personal issue is that we distribute the wildcard-cert to all
> relevant machines in its own directory which is chmod 400 and after
> the cert expires and is renewed the admin server can distribute it

We do the same.. but for files that ATS needs to access, we make them owned by root:ats, mode 440. I very much agree they should be opened by root on startup instead.

-jf
