[Opendnssec-user] ods-signerd crashes - prob partially my fault
Paul Wouters
paul at nohats.ca
Mon Sep 29 15:23:15 UTC 2014
On Sun, 28 Sep 2014, Rickard Bellgrim wrote:
> Perhaps running softhsm --import or ods-ksmutil key import as root causes this?
>
> The user "ods" will not be able to open the token database.
>
> The SoftHSM token database will get the same user and group as the user running the softhsm command. However, the command should
> not create a file that is world readable. Your file is world readable.
>
> (The argument --export or --optimize will not set the correct file permissions. See SOFTHSM-101.)
I would consider these all to be bugs. softhsm should handle the import
properly, especially file permissions. It should possibly warn if the
file is owned/grouped by root, or better if not owned/grouped by
whomever owns the /var/softhsm directory.
Paul
More information about the Opendnssec-user
mailing list