www.cendio.com
Bug 7080 - tlwebaccess/tlwebadm refuses to work with cert key in private dir
Status: NEW
: ThinLinc
Other
: 1.3.1
: PC Unknown
: P2 Normal
: Next
Reported: 2017-11-20 10:46 by
Modified: 2017-11-21 13:02 (History)

Description From cendio 2017-11-20 10:46:58
tlwebaccess and tlwebadm have a security check that the private key isn't world
readable. When this triggers we get:

> 2017-11-20 10:41:22 ERROR tlwebaccess[14211]: [::ffff:83.233.150.227] File is read and writeable by others than file owner.
> 2017-11-20 10:41:22 ERROR tlwebaccess[14211]: [::ffff:83.233.150.227] Failed to reliable read the certificate key from file, exiting.

Unfortunately it only checks the file itself, rather than the entire path
leading to the file. This breaks certbot/letsencrypt as they secure the files
via the directory:

> drwx------. 3 root root 34 Nov 20 10:38 /etc/letsencrypt/archive/

and not the files:

> -rw-r--r--. 1 root root 1704 Nov 20 10:38 /etc/letsencrypt/archive/certdemo.thinlinc.com/privkey1.pem

This means we cannot use these files directly without some modification.
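
The difference between a file-only permission test and one that considers the directories leading to the key, as an added example that is not part of the bug report and is not ThinLinc code. The function names, the `root` parameter and the sample tree (`example.test`, placeholder key contents) are constructed for illustration; the check looks at mode bits only, not ownership, ACLs or MAC policy.

```python
import os
import stat
import tempfile

NON_OWNER_RW = stat.S_IRGRP | stat.S_IWGRP | stat.S_IROTH | stat.S_IWOTH
NON_OWNER_X = stat.S_IXGRP | stat.S_IXOTH


def file_only_exposed(key_path):
    """File-only test: any group/other read or write bit on the key itself."""
    return bool(os.stat(key_path).st_mode & NON_OWNER_RW)


def blocking_dir(key_path, root="/"):
    """Nearest ancestor directory that denies search (x) to group and other,
    or None if every directory up to `root` lets non-owners traverse it."""
    root = os.path.realpath(root)
    current = os.path.dirname(os.path.realpath(key_path))  # resolves symlinks
    while True:
        if not os.stat(current).st_mode & NON_OWNER_X:
            return current
        if current == root or current == os.path.dirname(current):
            return None
        current = os.path.dirname(current)


def path_exposed(key_path, root="/"):
    """Path-aware test; conservative, group and other are treated as one class."""
    return file_only_exposed(key_path) and blocking_dir(key_path, root) is None


def build_demo(base):
    """Constructed sample tree: 0700 archive directory, 0644 key file."""
    archive = os.path.join(base, "archive")
    site = os.path.join(archive, "example.test")  # placeholder host name
    os.makedirs(site)
    key = os.path.join(site, "privkey1.pem")
    with open(key, "w") as fh:
        fh.write("constructed placeholder, not a real key\n")
    os.chmod(key, 0o644)
    os.chmod(site, 0o755)
    os.chmod(archive, 0o700)
    os.chmod(base, 0o755)
    return archive, key


if __name__ == "__main__":
    archive, key = build_demo(tempfile.mkdtemp())
    print(file_only_exposed(key), blocking_dir(key, os.path.dirname(archive)))
```
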