Bug 7080 - tlwebaccess/tlwebadm refuses to work with cert key in private dir
Status: NEW
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: Other
Target Milestone: MediumPrio
Assignee: Peter Åstrand
Reported: 2017-11-20 10:46 CET by Pierre Ossman
Modified: 2022-05-11 13:11 CEST



Description Pierre Ossman cendio 2017-11-20 10:46:58 CET
tlwebaccess and tlwebadm have a security check that the private key isn't world readable. When this triggers we get:

> 2017-11-20 10:41:22 ERROR tlwebaccess[14211]: [::ffff:] File is read and writeable by others than file owner.
> 2017-11-20 10:41:22 ERROR tlwebaccess[14211]: [::ffff:] Failed to reliable read the certificate key from file, exiting.

Unfortunately it only checks the file itself, rather than the entire path leading to the file. This breaks certbot/letsencrypt as they secure the files via the directory:

> drwx------. 3 root root 34 Nov 20 10:38 /etc/letsencrypt/archive/

and not the files:

> -rw-r--r--. 1 root root 1704 Nov 20 10:38 /etc/letsencrypt/archive/certdemo.thinlinc.com/privkey1.pem

This means we cannot use these files directly without some modification.
Comment 1 Martin Östlund cendio 2022-05-11 13:11:07 CEST
This might not be true any more. Since Certbot v0.29.0 they changed default key permissions from 0644 to 0660.
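
The path-wide check the description asks for, sketched as an added example (not ThinLinc's code and not part of the original report). The function names are hypothetical; it ignores ACLs and assumes that root and the key's owner are the only trusted directory owners.

```python
import os

def path_protects_key(file_mode, file_uid, nlink, ancestors):
    """Decide whether only the key's owner (or root) can read the key.

    ancestors: (path, mode, uid) for each directory from the key's parent
    up to "/". Returns (ok, reason).
    """
    if file_mode & 0o077 == 0:
        return True, "file mode grants nothing to group/other"
    if nlink > 1:
        # Another hard link may live outside the protected directory.
        return False, "file is open to others and has extra hard links"
    for path, mode, uid in ancestors:
        # Without the search (x) bit for group and other, only the
        # directory owner can traverse, so that owner must be trusted.
        if mode & 0o011 == 0 and uid in (0, file_uid):
            return True, "protected by directory " + path
    return False, "file and every ancestor directory are open to others"

def key_is_private(key_path):
    """Collect the real file's stat data and its directory chain."""
    # Resolve symlinks first: certbot's live/ entries point into archive/.
    real = os.path.realpath(key_path)
    st = os.stat(real)
    ancestors = []
    d = os.path.dirname(real)
    while True:
        dst = os.stat(d)
        ancestors.append((d, dst.st_mode, dst.st_uid))
        parent = os.path.dirname(d)
        if parent == d:  # reached the filesystem root
            break
        d = parent
    return path_protects_key(st.st_mode, st.st_uid, st.st_nlink, ancestors)

# Constructed chain modelled on the listing in the description; the modes
# of every directory other than archive/ are assumptions.
SAMPLE_CHAIN = [
    ("/etc/letsencrypt/archive/certdemo.thinlinc.com", 0o40755, 0),
    ("/etc/letsencrypt/archive", 0o40700, 0),
    ("/etc/letsencrypt", 0o40755, 0),
    ("/etc", 0o40755, 0),
    ("/", 0o40755, 0),
]

if __name__ == "__main__":
    print(path_protects_key(0o100644, 0, 1, SAMPLE_CHAIN))
```

A directory that restricts traversal only helps while the key has a single hard link, which is why the link count is checked before the directory chain.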

