Bug#371087: cyrus21-imapd: Fatal error: tls_init() failed if user cyrus is not in ssl-cert group
Henrique de Moraes Holschuh
hmh at debian.org
Wed Jun 7 19:29:01 UTC 2006
On Wed, 07 Jun 2006, Diego Fdez. Durán wrote:
> So I think that the cyrus-imapd installation scripts need to add the
> cyrus user to the ssl-cert group. (I don't know if the installer already
> adds cyrus to group ssl-cert, sorry).
THIS would be a very bad idea. Cyrus should be reading sensitive data as
root, and not asking people to give the cyrus user any access to private
data. I don't think we get this right in Cyrus yet, though.
Now, 2.1 certainly can't do more than it already does (it is in
deep-freeze). But if you are going to have a key that the cyrus user reads,
place it somewhere only the cyrus user can read, and that doesn't require
the cyrus user to be able to read anything else of importance.
I am dead set *against* adding the cyrus user to the ssl-cert group. Other
solutions, including changing documentation, default paths, etc. are welcome,
of course.
--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
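
A check in the spirit of the advice in this message, added here as an example and not part of the original mail or of the Debian package: it audits that a private key is owned by a single service account and carries no group or world permission bits, which is the layout that avoids membership in a shared group such as ssl-cert. The function names, the temporary path and the key contents are constructed for illustration, and the current uid stands in for the cyrus user.

```python
import os
import stat
import tempfile


def audit_private_key(path, service_uid):
    """Return findings for a key that only one service account should read."""
    findings = []
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        findings.append("not a regular file")
    if st.st_uid != service_uid:
        findings.append(f"owned by uid {st.st_uid}, expected uid {service_uid}")
    if st.st_mode & stat.S_IRWXG:
        findings.append("group bits set: every member of the file's group can reach the key")
    if st.st_mode & stat.S_IRWXO:
        findings.append("world bits set")
    # A directory writable by others lets them swap the key file out.
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if parent.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("parent directory is group- or world-writable")
    return findings


def demo():
    """Audit a constructed key file under three conditions."""
    workdir = tempfile.mkdtemp()  # created with mode 0700
    key = os.path.join(workdir, "service.key")
    with open(key, "w") as fh:
        fh.write("constructed placeholder, not a real key\n")
    me = os.getuid()  # stands in for the service account's uid
    os.chmod(key, 0o640)  # shared-group layout: group members can read
    shared = audit_private_key(key, me)
    os.chmod(key, 0o600)  # dedicated key: owner only
    dedicated = audit_private_key(key, me)
    wrong_owner = audit_private_key(key, me + 1)
    os.remove(key)
    os.rmdir(workdir)
    return shared, dedicated, wrong_owner


if __name__ == "__main__":
    for label, result in zip(("0640", "0600", "0600, other uid"), demo()):
        print(label, "->", result or "ok")
```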