mirror of
https://github.com/NLnetLabs/unbound.git
synced 2024-09-21 14:47:09 +00:00
Updated documentation for key user privileges.
git-svn-id: file:///svn/unbound/trunk@1372 be551aaa-1e26-0410-a405-d3ace91eadb9
This commit is contained in:
parent
32f6afbb48
commit
8b919a3780
@ -1,3 +1,10 @@
|
||||
24 November 2008: Wouter
|
||||
- document that the user of the server daemon needs read privileges
|
||||
on the keys and certificates generated by unbound-control-setup.
|
||||
This is different per system or distribution, usually, running the
|
||||
script under the same username as the server uses suffices.
|
||||
i.e. sudo -u unbound unbound-control-setup
|
||||
|
||||
21 November 2008: Wouter
|
||||
- fixed tcp accept, errors were printed when they should not.
|
||||
- unbound-control-setup.sh removes read/write permissions other
|
||||
|
@ -117,6 +117,14 @@ The unbound-control program exits with status code 1 on error, 0 on success.
|
||||
The setup requires a self\-signed certificate and private keys for both
|
||||
the server and client. The script \fIunbound\-control\-setup\fR generates
|
||||
these in the default run directory, or with \-d in another directory.
|
||||
Run the script under the same username as you have configured in unbound.conf
|
||||
so that the daemon is permitted to read the files, for example with:
|
||||
.nf
|
||||
sudo \-u unbound unbound\-control\-setup
|
||||
.fi
|
||||
If you have not configured
|
||||
a username in unbound.conf, the keys need read permission for the user
|
||||
credentials under which the daemon is started.
|
||||
The script preserves private keys present in the directory.
|
||||
After running the script as root, turn on \fBcontrol-enable\fR in
|
||||
\fIunbound.conf\fR.
|
||||
|
@ -74,6 +74,8 @@ while test $# -ne 0; do
|
||||
echo "unbound-control-setup.sh - setup SSL keys for unbound-control"
|
||||
echo " -d dir use directory to store keys and certificates."
|
||||
echo " default: $DESTDIR"
|
||||
echo "please run this command using the same user id that the "
|
||||
echo "unboun daemon uses, it needs read privileges."
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
Loading…
Reference in New Issue
Block a user