BytemarkHosting / symbiosis

A hosting environment that works with you, not against you.
GNU General Public License v2.0

It's too easy to break Exim by changing ssl certificate ownership. #47

Open patch0 opened 7 years ago

patch0 commented 7 years ago

Pretty much everything in /srv/ is owned by admin:admin, so it's tempting to run something like "chown -R admin:admin /srv". The problem is that Exim certificates lie in /srv//config/ssl/sets and Debian-exim (the user that runs Exim) is not a member of the admin group, so this is an awkward fact to learn and remember.

It might be better if the certificates were managed in /etc/ssl - from where they are currently, and tortuously symlinked.

Alternatively, if issue 38 https://gitlab.bytemark.co.uk/open-source/symbiosis/issues/38 is implemented, then I've made a suggestion for managing these certs.

Originally reported on Bytemark's Gitlab by @ieiloart on 2016-09-23T14:08:10.769Z

patch0 commented 7 years ago

I think a symbiosis-fix-permissions script would be useful here. Reorganising filesystem layout is quite a task to happen automatically.

Originally posted by @patch0 on 2017-01-25T08:59:13.442Z
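
An added example, not part of the thread and not Symbiosis code: the kind of check a permissions script could run after a recursive chown, listing paths under a certificate directory that a service account such as Debian-exim can no longer read. The function names `can_access` and `audit_tree` are hypothetical; the code assumes GNU `stat` and judges access from owner, group and mode bits only.

```shell
#!/bin/sh
# Added example: names are hypothetical, not Symbiosis code. Assumes GNU stat.
# Decides from owner/group/mode only; ACLs and root's override are ignored.

# can_access MODE FILE_UID FILE_GID USER_UID "USER_GIDS" BIT
# BIT is 4 (read, for files) or 1 (search, for directories).
can_access() {
    m=$((0$1)) b=$6 s=0
    if [ "$4" -eq "$2" ]; then
        s=6                       # owner class applies, even if "other" is wider
    else
        for g in $5; do
            if [ "$g" -eq "$3" ]; then s=3; fi   # group class applies
        done
    fi
    [ $(( (m >> s) & b )) -ne 0 ]
}

# audit_tree DIR USER: print each file USER cannot read and each directory
# USER cannot search under DIR. Returns 0 if none, 1 if any, 2 if USER is unknown.
# Symlinks are not followed; parents of DIR are not checked.
audit_tree() {
    uid=$(id -u "$2") || return 2
    gids=$(id -G "$2") || return 2
    find "$1" \( -type f -o -type d \) -exec stat -c '%a %u %g %n' {} + | (
        bad=0
        while read -r mode fuid fgid path; do
            bit=4
            if [ -d "$path" ]; then bit=1; fi
            if ! can_access "$mode" "$fuid" "$fgid" "$uid" "$gids" "$bit"; then
                printf '%s\n' "$path"
                bad=1
            fi
        done
        exit "$bad"
    )
}

# Run as: sh check.sh <certificate directory> Debian-exim
if [ "$#" -eq 2 ]; then audit_tree "$1" "$2"; fi
```

A non-zero exit after a chown means the listed paths need their group or mode restored before Exim can use them.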