Add unbound members group access to control key #1220

Merged


pemensik
Contributor

Recent openssl genrsa does not use umask for generated keys. There is no strong reason why every member of the unbound group should be able to read the server key. But the control key would be quite useful to be group readable and to allow control access to the whole group. Allowing access to control by group membership, not via sudo.

@pemensik pemensik force-pushed the unbound-control-group-key branch from 4222050 to 0d0f45c Compare January 14, 2025 13:33
Recent openssl genrsa does not use umask for generated keys. There is no
strong reason why every member of unbound group should be able to read
server key. But control key would be quite useful to be group readable
and to allow control access to whole group. Allowing access to control
by group membership, not via sudo.
@pemensik pemensik force-pushed the unbound-control-group-key branch from 0d0f45c to f4881bd Compare January 14, 2025 13:35
@gthess gthess self-assigned this Jan 24, 2025
Member

@gthess gthess left a comment

Looks good to me.
The old situation was that the group was getting read access on keys and public certificates implicitly.
The current situation is that the group is not getting any read access on keys.
The new situation will be that the group will gain read access on the control key (the one clients need to connect to the server part, Unbound).

@gthess gthess merged commit b48958c into NLnetLabs:master Jan 24, 2025
1 check passed
gthess added a commit that referenced this pull request Jan 24, 2025
- Merge #1220 from Petr Menšík, Add unbound members group access to
  control key.
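
The permission policy described in the review above, written as a check over an existing key directory (an added example, not part of the pull request or of Unbound's own code). It assumes the default file names written by `unbound-control-setup`, `unbound_server.key` and `unbound_control.key`, and takes the directory as an argument; `mode_of`, `check_key` and `audit_unbound_keys` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: audit key-file modes against the policy from this PR.
#   server key  : no group access, no access for others
#   control key : group may read (nothing more), no access for others

# mode_of FILE -> octal permission digits (GNU stat, then BSD stat)
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_key FILE ALLOWED_GROUP_BITS
# ALLOWED_GROUP_BITS is 0 (none) or 4 (read). Prints one status line.
# Returns 0 if the mode fits the policy, 1 if too open, 2 if missing.
check_key() {
    file=$1
    allowed=$2
    if [ ! -f "$file" ]; then
        echo "MISSING  $file"
        return 2
    fi
    mode=$(mode_of "$file")
    m=$((0$mode))                 # reinterpret the digits as octal
    group=$(( (m >> 3) & 7 ))
    other=$(( m & 7 ))
    # Any bit for "other", or any group bit outside the allowed set, fails.
    if [ "$other" -ne 0 ] || [ $(( group & ~allowed & 7 )) -ne 0 ]; then
        echo "TOO-OPEN $mode $file"
        return 1
    fi
    echo "OK       $mode $file"
}

# audit_unbound_keys DIR -> 0 only if both keys fit the policy
audit_unbound_keys() {
    dir=$1
    rc=0
    check_key "$dir/unbound_server.key" 0 || rc=1
    check_key "$dir/unbound_control.key" 4 || rc=1
    return $rc
}

# Run as a script: pass the directory that holds the keys.
if [ "$#" -eq 1 ]; then
    audit_unbound_keys "$1"
fi
```

The check looks only at mode bits; group ownership of the control key still has to be confirmed separately, for example with `ls -l`.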