On Wed, 07 Jun 2006, Diego Fdez. DurĂ¡n wrote: > So I think that the cyrus-imapd instalallation scripts need to add the > cyrus user to the ssl-cert group. (I don't know if the installer already > add cyrus to group ssl-cert, sorry).
THIS would be a very bad idea. Cyrus should be reading sensitive data as root, and not asking people to give the cyrus user any access to private data. I don't think we get this right in Cyrus yet, though. Now, 2.1 certainly can't do more than it already does (it is in deep-freeze). But if you are going to have a key that the cyrus user reads, place it somewhere only the cyrus user can read, and that doesn't require the cyrus user to be able to read anything else of imporance. I am dead set *against* adding the cyrus user to the ssl-cert group. Other solutions, including changing documentation, default paths, etc are welcome, of course. -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot Henrique Holschuh
