From 378a800b86a6626d8dc6e88c77d83ac131084531 Mon Sep 17 00:00:00 2001 From: Mykola Malkov Date: Thu, 14 Nov 2024 18:55:43 +0200 Subject: [PATCH] MT#58444 Set correct permissions/ownership for ssl files Key and csr files should be 640. All other files 644. Ownership for all files should be root:ssl-cert. Change-Id: Ie4c0c8070d856d881b9d47aa65f953869537ee1e (cherry picked from commit a8476ad20d16c0842e23b753d7b3fbf740875268) --- tools/generate_ssl_keys.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/tools/generate_ssl_keys.sh b/tools/generate_ssl_keys.sh index 5503e71a13..d8adb24bcc 100755 --- a/tools/generate_ssl_keys.sh +++ b/tools/generate_ssl_keys.sh @@ -55,9 +55,13 @@ else -signkey "${KEY_FILE}" -out "${CRT_FILE}" -extfile "${OPENSSL_CONFIG}" fi -chmod 640 "${KEY_FILE}" "${CRT_FILE}" +chmod 640 "${KEY_FILE}" +chmod 644 "${CRT_FILE}" chown root:ssl-cert "${KEY_FILE}" "${CRT_FILE}" -[ -r "${CSR_FILE}" ] && chmod 600 "${CSR_FILE}" +if [ -r "${CSR_FILE}" ] ; then + chmod 640 "${CSR_FILE}" + chown root:ssl-cert "${CSR_FILE}" +fi if [ "$SKIP_CSR" = "true" ] ; then echo "Generated ${KEY_FILE} ${CRT_FILE}"