[Opendnssec-user] ods-signerd crashes - prob partially my fault

Rickard Bellgrim rickard at opendnssec.org
Sun Sep 28 21:56:22 CEST 2014

On Wed, Sep 24, 2014 at 11:36 PM, Paul Wouters <paul at nohats.ca> wrote:

> On Tue, 23 Sep 2014, Rickard Bellgrim wrote:
>  On Fri, Sep 19, 2014 at 9:49 PM, Paul Wouters <paul at nohats.ca> wrote:
>>       [root at ns0 log]# ls -l /var/softhsm/slot0.db
>>       -rw-rw-r--. 1 root nsd 329728 Sep 14 10:09 /var/softhsm/slot0.db
>> What user and group is ods-signer dropping to according to conf.xml?
> "ods"
> Perhaps running  softhsm --import or ods-ksmutil key import as root causes
> this?

The user "ods" will not be able to open the token database.

The SoftHSM token database will get the same user and group as the user
running the softhsm command. However, the command should not create a file
that is world readable. Your file is world readable.

(The argument --export or --optimize will not set the correct file
permissions. See SOFTHSM-101.)

// Rickard
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20140928/538c6d3a/attachment.html>

More information about the Opendnssec-user mailing list