projects / apache2-cn.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Changes for umask and file access permissions in carnet-generate-ssl.
[apache2-cn.git] / carnet-generate-ssl
diff --git a/carnet-generate-ssl b/carnet-generate-ssl
index 8d61008..7f618ba 100755 (executable)
--- a/carnet-generate-ssl
+++ b/carnet-generate-ssl
@@ -45,7 +45,7 @@ cd /etc/ssl
 #
 if [ ! -f ${sslkey}/apache2-ca.key ]; then
 
-    (umask 027; openssl genrsa -out ${sslkey}/apache2-ca.key 1024)
+    (umask 077; openssl genrsa -out ${sslkey}/apache2-ca.key 1024)
     KEYS="${KEYS}
  - ${sslkey}/apache2-ca.key"
 fi
@@ -105,7 +105,7 @@ ln -sf apache2-ca.pem $(openssl x509 -hash -noout -in apache2-ca.pem)
 
 # Generate server certificate
 #
-(umask 027; openssl genrsa -out ${sslkey}/apache2.key 1024)
+(umask 077; openssl genrsa -out ${sslkey}/apache2.key 1024)
 
 echo 01 > "$TMPFILE2"
 sed "s/HOST/$FQDN/g; s/DOMAIN/$DOMAIN/g; s/WEBMASTER/$WEBMASTER/g" \
@@ -134,10 +134,9 @@ cd ${sslcrt}
 ln -sf apache2.pem $(openssl x509 -hash -noout -in apache2.pem)
 
 
-# Fix file access permissions and group ownership.
+# Fix file access permissions.
 #
-chgrp www-data ${sslkey}/apache2-ca.key ${sslkey}/apache2-ca.csr ${sslkey}/apache2.key ${sslkey}/apache2.csr
-chmod 640 ${sslkey}/apache2-ca.key ${sslkey}/apache2-ca.csr ${sslkey}/apache2.key ${sslkey}/apache2.csr
+chmod 600 ${sslkey}/apache2-ca.key ${sslkey}/apache2.key
 
 
 # Cleanup
apache2-cn