Re: BUG #1963: SSL certificate permission check is too strict

From: Tom Lane
Subject: Re: BUG #1963: SSL certificate permission check is too strict
Msg-id: 10226.1129304318@sss.pgh.pa.us
In reply to: BUG #1963: SSL certificate permission check is too strict  ("Martin Pitt" <mpitt@debian.org>)
Responses: Re: BUG #1963: SSL certificate permission check is too strict
List: pgsql-bugs
"Martin Pitt" <mpitt@debian.org> writes:
> Currently the postmaster requires the private SSL key file to have the same
> owner as the postmaster, and no permissions for group and others. However,
> this is too strict to sensibly use the certificate with ACLs, which permits
> other server processes to share it.

> In Debian I applied a patch which relaxes the check a bit: in addition to
> the currently allowed permissions, the file might be:
>  - owned by root
>  - group-readable if the file is in group root or the postmaster group.

This was proposed and rejected before --- it's not clear why it's a good
idea to share a private key file with other servers, and even less clear
why it'd be a good idea to have such a file be group-readable by a large
group.

            regards, tom lane
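
The two permission rules discussed in this exchange, written out as an added example; it is not part of either message and is not the PostgreSQL source or the Debian patch. The function names are hypothetical, and the relaxed rule is one reading of the proposal (group may have read permission only, never write or execute).

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Constructed stat record (sample input for the checks, not a real key file). */
struct stat mk(mode_t perms, uid_t uid, gid_t gid)
{
    struct stat st;
    memset(&st, 0, sizeof st);
    st.st_mode = perms;
    st.st_uid = uid;
    st.st_gid = gid;
    return st;
}

/* Strict rule: owned by the server user, no bits for group or others. */
int key_ok_strict(struct stat st, uid_t server_uid)
{
    return st.st_uid == server_uid &&
           (st.st_mode & (S_IRWXG | S_IRWXO)) == 0;
}

/* Relaxed rule (one reading of the proposal): owner may also be root, and
 * group read alone is allowed when the group is root or the server's group. */
int key_ok_relaxed(struct stat st, uid_t server_uid, gid_t server_gid)
{
    mode_t grp = st.st_mode & S_IRWXG;

    if (st.st_uid != server_uid && st.st_uid != 0)
        return 0;
    if (st.st_mode & S_IRWXO)
        return 0;                 /* "others" never get access */
    if (grp == 0)
        return 1;                 /* no group access at all */
    return grp == S_IRGRP && (st.st_gid == 0 || st.st_gid == server_gid);
}

int main(int argc, char **argv)
{
    struct stat st;

    if (argc != 2 || stat(argv[1], &st) != 0) {
        fprintf(stderr, "usage: %s <key-file>\n", argv[0]);
        return 2;
    }
    printf("strict:  %s\n", key_ok_strict(st, geteuid()) ? "accept" : "reject");
    printf("relaxed: %s\n",
           key_ok_relaxed(st, geteuid(), getegid()) ? "accept" : "reject");
    return 0;
}
```

A root-owned key with mode 0640 in the server's group is rejected by the strict rule and accepted by the relaxed one, which makes the key readable by every member of that group.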
