From fb6cb79b4194b2ff03736d5ec82afca2ddadbfdb Mon Sep 17 00:00:00 2001
From: Gregory Colpart
Date: Sun, 28 Jan 2018 17:13:23 +0100
Subject: [PATCH] Keep read right on group for software with non-root access like OpenLDAP
---
 evoacme/files/evoacme.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/evoacme/files/evoacme.sh b/evoacme/files/evoacme.sh
index ca1664ec..73523588 100755
--- a/evoacme/files/evoacme.sh
+++ b/evoacme/files/evoacme.sh
@@ -176,8 +176,9 @@ main() {
 [ -d "${NEW_DIR}" ] && error "${NEW_DIR} directory already exists, remove it manually."
 mkdir -p "${NEW_DIR}"
- chmod -R 0700 "${CRT_DIR}"
 chown -R acme: "${CRT_DIR}"
+ chmod -R 0700 "${CRT_DIR}"
+ chmod -R g+rX "${CRT_DIR}"
 debug "New cert will be created in ${NEW_DIR}"
 readonly NEW_CERT="${NEW_DIR}/cert.crt"
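Review bot: The added `chmod -R 0700` followed by `chmod -R g+rX` in main() leaves every regular file under `${CRT_DIR}` at 0750, because `X` grants execute wherever an execute bit is already set and the preceding 0700 has just set one on every file. A single `chmod -R u=rwX,g=rX,o= "${CRT_DIR}"` states the intended result directly and does not add execute bits to newly created files, although files already at 0700 from earlier runs would keep theirs. The grant is also recursive over the whole tree and goes to whatever group `chown -R acme:` assigns. If private keys are stored under `${CRT_DIR}` (not visible in this hunk), they become readable by every member of that group, so it may be worth limiting group read to the files that non-root daemons actually need. A short comment above the chmod saying which group is expected to read which files would make that intent reviewable. main() starts and continues outside the hunk.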