Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
Bug 171163 - CUPS trashes permissions on SSL certificates
CUPS trashes permissions on SSL certificates
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: cups (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Tim Waugh
Depends On:
  Show dependency treegraph
Reported: 2005-10-18 17:28 EDT by Josh Kelley
Modified: 2007-11-30 17:07 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-11-08 11:05:22 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Josh Kelley 2005-10-18 17:28:43 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050922 Fedora/1.0.7-1.1.fc4 Firefox/1.0.7

Description of problem:
When the cups service is started, it changes the permissions on its certificate file and certificate key file to mode 0640, owner root:sys.  This is bad for two reasons.  First, as far as I know, the certificate file can and often should be world-readable.  Second, if other services are configured to use the same certificate and key files, they may stop working.  For example, OpenLDAP requires that the key be readable by the ldap user.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Edit /etc/cups/cupsd.conf and configure a ServerCertificate and ServerKey.
2. Start cupsd ("service cups start").

Actual Results:  Permissions on the certificate files are altered.

Expected Results:  Permissions are not altered.

Additional info:
Comment 1 Tim Waugh 2005-10-19 08:33:56 EDT
Reported upstream:

Comment 2 Tim Waugh 2005-11-08 11:05:22 EST
Will be fixed in a future version of CUPS.  Thanks for the report.

Note You need to log in before you can comment on or make changes to this bug.