Hi, > Does the user opendnssec have read privileges in /etc/softhsm/ and > read/write in /var/opendnssec/? > > (minor nit) It's /var/lib/opendnssec on Debian/Ubuntu
no, it has not, as of conf.xml has not configured OpenDNSSEC to drop privileges. These are the directory priviledges: ls -ld /etc/softhsm /var/lib/opendnssec drwxr-x--- 2 root softhsm 4096 Jun 21 10:18 /etc/softhsm drwxr-x--- 7 root opendnssec 4096 Jun 21 10:18 /var/lib/opendnssec ls -ld /etc/softhsm/* -rw-r----- 1 root softhsm 225 May 10 08:16 /etc/softhsm/softhsm.conf ls -ld /var/lib/opendnssec/* drwxr-xr-x 2 opendnssec opendnssec 4096 Jun 21 13:46 /var/lib/opendnssec/db drwxr-xr-x 2 opendnssec opendnssec 4096 Jun 14 12:49 /var/lib/opendnssec/signconf drwxr-xr-x 2 opendnssec opendnssec 4096 Jun 14 12:49 /var/lib/opendnssec/signed drwxr-xr-x 2 opendnssec opendnssec 4096 Jun 14 12:49 /var/lib/opendnssec/tmp drwxr-xr-x 2 opendnssec opendnssec 4096 Jun 14 12:49 /var/lib/opendnssec/unsigned What should I try best? Configure OpenDNSSEC to drop root privileges and "chown -R opendnssec" on the folders? Greetings Volker _______________________________________________ Opendnssec-user mailing list Opendnssec-user@lists.opendnssec.org https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
