Re: BUG #1963: SSL certificate permission check is too strict
| От | Tom Lane |
|---|---|
| Тема | Re: BUG #1963: SSL certificate permission check is too strict |
| Дата | |
| Msg-id | 10226.1129304318@sss.pgh.pa.us обсуждение |
| Ответ на | BUG #1963: SSL certificate permission check is too strict ("Martin Pitt" <mpitt@debian.org>) |
| Ответы |
Re: BUG #1963: SSL certificate permission check is too strict
|
| Список | pgsql-bugs |
"Martin Pitt" <mpitt@debian.org> writes:
> Currently the postmaster requires the private SSL key file to have the same
> owner as the postmaster, and no permissions for group and others. However,
> this is too strict to sensibly use the certificate with ACLs, which permits
> other server processes to share it.
> In Debian I applied a patch which relaxes the check a bit: in addition to
> the currently allowed permissions, the file might be:
> - owned by root
> - group-readable if the file is in group root or the postmaster group.
This was proposed and rejected before --- it's not clear why it's a good
idea to share a private key file with other servers, and even less clear
why it'd be a good idea to have such a file be group-readable by a large
group.
regards, tom lane
В списке pgsql-bugs по дате отправления: