[Samba] file rights tls key files.

L.P.H. van Belle belle at bazuin.nl
Fri Apr 15 09:12:04 UTC 2016

Yes, i can understand what your saying. 

But i have a "server" certificate, which i use for multple services.
And since some of these services "run as" other user/group i have a special group for that. So logical i set 0440 on my key file and 444 on my cert files. 
And why does the key file ( any certficicate file  ) a 6, 4 is sufficient. 

Its just not logical make copies of the certificates thats not why i have a "server" certificate...  

Im just not happy with samba "enforcing" my security settings.. 
So anyway to overrule this? 



> -----Oorspronkelijk bericht-----
> Van: bj at SerNet.DE [mailto:bjacke at sernet.de] Namens Björn JACKE
> Verzonden: vrijdag 15 april 2016 10:55
> Aan: L.P.H. van Belle
> CC: samba at lists.samba.org
> Onderwerp: Re: [Samba] file rights tls key files.
> On 2016-04-15 at 10:09 +0200 L.P.H. van Belle sent off:
> > It there anyway to override this setting?  I do need 0440 here.  ( or
> 0400 )
> >
> > 0600 is not needed imo.
> can you say, why you need 440 here? I can't think of a valid use case for
> that.
> If another service should use a SSL certificate on that server, you would
> give
> that service another certificate then and not reuse the AD server SSL
> cert.
> Björn

More information about the samba mailing list