Keep read right on group for software with non-root access like OpenLDAP

2018-01-28 17:13:23 +01:00 · 2018-01-28 17:13:23 +01:00 · fb6cb79b41
parent 4fd4e0d96d
commit fb6cb79b41
1 changed files with 2 additions and 1 deletions
--- a/evoacme/files/evoacme.sh
+++ b/evoacme/files/evoacme.sh
@ -176,8 +176,9 @@ main() {

    [ -d "${NEW_DIR}" ] && error "${NEW_DIR} directory already exists, remove it manually."
    mkdir -p "${NEW_DIR}"
-    chmod -R 0700 "${CRT_DIR}"
    chown -R acme: "${CRT_DIR}"
+    chmod -R 0700 "${CRT_DIR}"
+    chmod -R g+rX "${CRT_DIR}"
    debug "New cert will be created in ${NEW_DIR}"

    readonly NEW_CERT="${NEW_DIR}/cert.crt"