On Sun, 28 Sep 2014, Rickard Bellgrim wrote:

Perhaps running softhsm --import or ods-ksmutil key import as root causes this?

The user "ods" will not be able to open the token database.

The SoftHSM token database will get the same user and group as the user running 
the softhsm command. However, the command should
not create a file that is world readable. Your file is world readable.

(The argument --export or --optimize will not set the correct file permissions. 
See SOFTHSM-101.)

I would consider these all to be bugs. softhsm should handle the import
properly, especially file permissions. It should possibly warn if the
file is owned/grouped by root, or better if not owned/grouped by
whomever owns the /var/softhsm directory.

Paul
_______________________________________________
Opendnssec-user mailing list
Opendnssec-user@lists.opendnssec.org
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
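
The check suggested in the message above (not world readable, and owned/grouped like the directory that holds the file), as an added example that is not part of the thread and is not SoftHSM's own code. The function name `audit_token_db`, the finding strings and the file name `token.db` are assumptions made for the illustration.

```python
import os
import stat
import tempfile


def audit_token_db(db_path):
    """Return a list of permission/ownership findings for a token database file.

    Hypothetical helper: compares the file against the directory that holds it,
    as proposed in the thread.
    """
    findings = []
    st = os.stat(db_path)
    parent = os.stat(os.path.dirname(os.path.abspath(db_path)))
    mode = stat.S_IMODE(st.st_mode)

    # The token database holds key material, so "other" must have no access.
    if mode & stat.S_IROTH:
        findings.append("world-readable")
    if mode & stat.S_IWOTH:
        findings.append("world-writable")

    # A file created by root inside a directory owned by the service user
    # leaves that user unable to open it.
    if st.st_uid != parent.st_uid:
        findings.append("owner-differs-from-directory")
    if st.st_gid != parent.st_gid:
        findings.append("group-differs-from-directory")
    return findings


def demo():
    """Run the audit on a constructed file, before and after tightening its mode."""
    with tempfile.TemporaryDirectory() as d:
        db = os.path.join(d, "token.db")  # constructed sample, not a real token
        with open(db, "wb") as f:
            f.write(b"constructed sample data")
        os.chmod(db, 0o644)
        before = audit_token_db(db)
        os.chmod(db, 0o600)
        after = audit_token_db(db)
    return before, after


if __name__ == "__main__":
    print(demo())
```
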
