[Bug 258827] security/step-certificates: step-ca fails to start in the init process included SSH certs

From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 20 Oct 2021 18:22:18 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=258827

--- Comment #4 from Markus Wipp <mw@wipp.bayern> ---
Hi Adam,

Sorry for the long delay due to illness.

I just checked and found the following:

1) The directory /usr/local/etc/step is generated during installation with the
correct permissions.
2) If the directory is deleted, it will be recreated by the smallstep program
with the "wrong" permissions. The fix is, as you already found out, to recreate
the correct permissions with "chmod go+rx /usr/local/etc/step".

I think there are possibly three ways to handle this:

1) don't delete the directory, but only its contents
2) file a bug with smallstep-certificates directly, to have it create the
directory with the correct permissions
3) add some code in the init-script to check whether the directory exists and
create it with the correct permissions if necessary

Best regards
Markus
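
Option 3 from the comment above, as an added example that is not part of the original comment or of the port's rc script: a POSIX sh function an init script could call before starting step-ca. Only the path and the "chmod go+rx" fix come from the report; the function names and the refusal of symlinks and non-directories are assumptions.

```shell
#!/bin/sh
# Added example, not the port's rc.d script. The default path is the one named
# in the bug report; function names and return codes are hypothetical.
STEP_DIR="${STEP_DIR:-/usr/local/etc/step}"

# Print the 10-character type+mode string (e.g. drwx------) using POSIX ls,
# which avoids the differing stat(1) flags on FreeBSD and Linux.
dir_mode() {
    ls -ld "$1" | cut -c1-10
}

# Ensure $1 is a real directory that group and other can read and traverse.
# Returns 0 when the directory is usable, 1 when the path must not be touched.
ensure_step_dir() {
    dir="$1"
    # Refuse symlinks: chmod follows the link and would change its target.
    if [ -L "$dir" ]; then
        echo "refusing: $dir is a symlink" >&2
        return 1
    fi
    if [ ! -e "$dir" ]; then
        # Missing (e.g. deleted by the admin): create it, then apply the
        # fix from the report so the result does not depend on the umask.
        mkdir -p "$dir" || return 1
        chmod go+rx "$dir" || return 1
        return 0
    fi
    if [ ! -d "$dir" ]; then
        echo "refusing: $dir exists but is not a directory" >&2
        return 1
    fi
    case "$(dir_mode "$dir")" in
        # Group and other already have r and x (s/t imply x is set).
        d???r?[xs]r?[xt]) return 0 ;;
    esac
    # Recreated with the "wrong" permissions: add only the missing bits.
    chmod go+rx "$dir"
}

# In an rc.d script this would be called before the daemon starts, e.g.:
#   ensure_step_dir "$STEP_DIR" || exit 1
```

Because the function only adds go+rx, it leaves the owner bits and the contents of the directory untouched.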
