Hello, Thanks for the security upgrade!
On Fri, 03 Apr 2026 15:05:51 +0700 Arnaud Rebillout <[email protected]> wrote: > Upstream also provides the script /usr/share/xrdp/xrdp-chkpriv to print > some diagnostic, currently the output is as such: > > ``` > # /usr/share/xrdp/xrdp-chkpriv > Settings > - [xrdp.ini] runtime_user : > - [xrdp.ini] runtime_group : > - [xrdp.ini] certificate : /etc/xrdp/cert.pem > - [xrdp.ini] key_file : /etc/xrdp/key.pem > - [sesman.ini] SessionSockdirGroup : > > [ WARN ] This system is not configured to run xrdp without privilege > ``` After upgrade, the output was all OK except for: [ NG ] /etc/xrdp/key.pem is not readable by xrdp:xrdp The reason is that on my system key.pem is a symbolic link to /etc/ssl/ private/ssl-cert-snakeoil.key and the snakeoil file permissions are: -rw-r----- 1 root ssl-cert 1704 Oct 14 2019 /etc/ssl/private/ssl-cert- snakeoil.key I fixed it by sudo adduser xrdp ssl-cert. I'm unclear whether my system is a common setup or perhaps unique. In the former case, I wonder if the xrdp install scripts could take care of this case? Best, -Steve
signature.asc
Description: This is a digitally signed message part.
