Am 28.04.2015 um 17:59 schrieb Thomas Jackson:
I have run into some issues before where if you have permissions errors (lets say on SSL certs)
that's in general a design errorthe certs and keys should be loaded as root *before* drop privileges so that the user listening on the public socket *never* has the permissions to accees them from disk
just because in case of a seurity bug there is no chance to get the private key and other software like httpd, dovecot, postfix... are doing it that way
if you have wildcard certs you likely use them for the above named services as well as for ATS and need to give read permissions for non-root only because one service
signature.asc
Description: OpenPGP digital signature
