Bug 171163 - CUPS trashes permissions on SSL certificates
Summary: CUPS trashes permissions on SSL certificates
Keywords:
Status: CLOSED DEFERRED
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: cups
Version: 4.0
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
: ---
Assignee: Tim Waugh
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-10-18 21:28 UTC by Josh Kelley
Modified: 2007-11-30 22:07 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-11-08 16:05:22 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Josh Kelley 2005-10-18 21:28:43 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050922 Fedora/1.0.7-1.1.fc4 Firefox/1.0.7

Description of problem:
When the cups service is started, it changes the permissions on its certificate file and certificate key file to mode 0640, owner root:sys.  This is bad for two reasons.  First, as far as I know, the certificate file can and often should be world-readable.  Second, if other services are configured to use the same certificate and key files, they may stop working.  For example, OpenLDAP requires that the key be readable by the ldap user.

Version-Release number of selected component (if applicable):
cups-1.1.22-0.rc1.9.8

How reproducible:
Always

Steps to Reproduce:
1. Edit /etc/cups/cupsd.conf and configure a ServerCertificate and ServerKey.
2. Start cupsd ("service cups start").
  

Actual Results:  Permissions on the certificate files are altered.

Expected Results:  Permissions are not altered.

Additional info:
Comment 1 Tim Waugh 2005-10-19 12:33:56 UTC 
Reported upstream:

  http://www.cups.org/str.php?L1324
Comment 2 Tim Waugh 2005-11-08 16:05:22 UTC 
Will be fixed in a future version of CUPS.  Thanks for the report.
Note You need to log in before you can comment on or make changes to this bug.