Matching Debian's existing practice of using the ssl-cert group is the
right thing to do here.
The keys should have something like 640 perms and root:ssl-cert
ownership.
(root until the package works as a non-root user, but still chgrp
ssl-cert if the user running it is root or in that group.)
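
The check and fix described in the reply above, as an added example that is not part of the thread or of the letsencrypt package. The `privkey*.pem` name pattern, the `KEY_GROUP` variable and the temporary directory layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit private keys for modes looser than 640 and tighten them.
# KEY_GROUP and the privkey*.pem pattern are assumptions, not package settings.
KEY_GROUP="${KEY_GROUP:-ssl-cert}"

# Print "<mode> <path>" for every key under $1 whose mode grants more than 640.
audit_keys() {
    find "$1" -type f -name 'privkey*.pem' | while IFS= read -r f; do
        mode=$(stat -c '%a' "$f")   # GNU stat, as shipped on Debian
        # 0137 = owner x, group w/x, other r/w/x: every bit that 640 withholds
        if [ $(( 0$mode & 0137 )) -ne 0 ]; then
            printf '%s %s\n' "$mode" "$f"
        fi
    done
}

# Set each key to 640; chgrp to KEY_GROUP only when that group exists and
# the caller is root or already a member of it.
harden_keys() {
    find "$1" -type f -name 'privkey*.pem' | while IFS= read -r f; do
        if getent group "$KEY_GROUP" >/dev/null 2>&1 &&
           { [ "$(id -u)" -eq 0 ] ||
             id -nG | tr ' ' '\n' | grep -qx "$KEY_GROUP"; }; then
            chgrp "$KEY_GROUP" "$f"
        fi
        chmod 640 "$f"
    done
}

# Demo on a constructed directory: one world-readable key, audited, fixed,
# then audited again (the second audit prints nothing).
demo() {
    dir=$(mktemp -d)
    mkdir -p "$dir/keys/example.test"
    : > "$dir/keys/example.test/privkey.pem"
    chmod 644 "$dir/keys/example.test/privkey.pem"
    echo "before:"; audit_keys "$dir"
    harden_keys "$dir"
    echo "after:";  audit_keys "$dir"
    rm -rf "$dir"
}
demo
```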
-
Package: letsencrypt
Version: 0.4.1-1
Severity: normal
Dear Maintainer,
As part of the gitlab package, a letsencrypt certificate is installed. I have
checked the file permissions on the private key file
and it is readable by all. The private key should be kept readable only by
appropriate applications (web ser