]> granicus.if.org Git - postgresql/commit
projects / postgresql / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6eb2be1) | patch
Allow SSL server key file to have group read access if owned by root
authorPeter Eisentraut <peter_e@gmx.net>
Sat, 19 Mar 2016 10:03:22 +0000 (11:03 +0100)
committerPeter Eisentraut <peter_e@gmx.net>
Sat, 19 Mar 2016 10:03:22 +0000 (11:03 +0100)
commit9a83564c58b7f6363141a8f1d0c87c89a5ebab5d
treed2384dd046c095d689fea1a8a395e1729bce8939tree | snapshot
parent6eb2be15b5d24b98d334a9dd637f0edb37e2eb7ecommit | diff
Allow SSL server key file to have group read access if owned by root

We used to require the server key file to have permissions 0600 or less
for best security.  But some systems (such as Debian) have certificate
and key files managed by the operating system that can be shared with
other services.  In those cases, the "postgres" user is made a member of
a special group that has access to those files, and the server key file
has permissions 0640.  To accommodate that kind of setup, also allow the
key file to have permissions 0640 but only if owned by root.

From: Christoph Berg <myon@debian.org>
Reviewed-by: Alvaro Herrera <alvherre@alvh.no-ip.org>
doc/src/sgml/runtime.sgml diff | blob | history
src/backend/libpq/be-secure-openssl.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.