[cups.bugs] [HIGH] STR #2937: Do not clobber SSL cert/key permissions if they are symlinks
martin.pitt at canonical.com
Sat Sep 6 06:27:53 PDT 2008
DO NOT REPLY TO THIS MESSAGE. INSTEAD, POST ANY RESPONSES TO THE LINK BELOW.
CUPS makes an attempt to only change the permissions of the server SSL
cert/key if it was created by cups, i. e. if it is in /etc/cups/ssl/.
However, I prefer all services on a server to share one SSL certificates
and thus created symlinks to the real files in /etc/ssl/.
CUPS must not clobber the permissions of files it does not own. I created
a patch to leave the SSL key/cert alone if they are symlinks.
Actually I'd like it much better if cups would stop continuously
chmod/chowning around in /etc at all, since that is bad style and
overriding the sysadmin's decision. E. g. I patched away the chmod/chown
for cupsd.conf for that very reason. It should create files with correct
permissions and be done with it. However, convincing you to do that
upstream is probably a much harder task :-), so let's start with the SSL
cert, where it *really* matters (the chown breaks access to the SSL key
from other services like PostgreSQL and postfix, so that they stop working
Thank you for considering!
More information about the cups-devel