Updated documentation for key user privileges.

git-svn-id: file:///svn/unbound/trunk@1372 be551aaa-1e26-0410-a405-d3ace91eadb9

doc/Changelog

@@ -1,3 +1,10 @@
+24 November 2008: Wouter
+	- document that the user of the server daemon needs read privileges
+	  on the keys and certificates generated by unbound-control-setup.
+	  This is different per system or distribution, usually, running the
+	  script under the same username as the server uses suffices.
+	  i.e.  sudo -u unbound unbound-control-setup
+
 21 November 2008: Wouter
 	- fixed tcp accept, errors were printed when they should not.
 	- unbound-control-setup.sh removes read/write permissions other

doc/unbound-control.8.in

@@ -117,6 +117,14 @@ The unbound-control program exits with status code 1 on error, 0 on success.
 The setup requires a self\-signed certificate and private keys for both 
 the server and client.  The script \fIunbound\-control\-setup\fR generates
 these in the default run directory, or with \-d in another directory.
+Run the script under the same username as you have configured in unbound.conf
+so that the daemon is permitted to read the files, for example with:
+.nf
+    sudo \-u unbound unbound\-control\-setup
+.fi
+If you have not configured
+a username in unbound.conf, the keys need read permission for the user
+credentials under which the daemon is started.
 The script preserves private keys present in the directory.
 After running the script as root, turn on \fBcontrol-enable\fR in 
 \fIunbound.conf\fR.

smallapp/unbound-control-setup.sh

@@ -74,6 +74,8 @@ while test $# -ne 0; do
 	echo "unbound-control-setup.sh - setup SSL keys for unbound-control"
 	echo "	-d dir	use directory to store keys and certificates."
 	echo "		default: $DESTDIR"
+	echo "please run this command using the same user id that the "
+	echo "unboun daemon uses, it needs read privileges."
 	exit 1
 	;;
 	esac