On Wed, Sep 24, 2014 at 11:36 PM, Paul Wouters <[email protected]> wrote:
> On Tue, 23 Sep 2014, Rickard Bellgrim wrote: > > On Fri, Sep 19, 2014 at 9:49 PM, Paul Wouters <[email protected]> wrote: >> [root@ns0 log]# ls -l /var/softhsm/slot0.db >> -rw-rw-r--. 1 root nsd 329728 Sep 14 10:09 /var/softhsm/slot0.db >> >> >> What user and group is ods-signer dropping to according to conf.xml? >> > > "ods" > > Perhaps running softhsm --import or ods-ksmutil key import as root causes > this? The user "ods" will not be able to open the token database. The SoftHSM token database will get the same user and group as the user running the softhsm command. However, the command should not create a file that is world readable. Your file is world readable. (The argument --export or --optimize will not set the correct file permissions. See SOFTHSM-101.) // Rickard
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
