Changeset View
Changeset View
Standalone View
Standalone View
security/openiked/pkg-plist
| Property | Old Value | New Value |
|---|---|---|
| fbsd:nokeywords | null | yes \ No newline at end of property |
| svn:eol-style | null | native \ No newline at end of property |
| svn:mime-type | null | text/plain \ No newline at end of property |
| @sample etc/ikeca.cnf.sample | |||||
| @sample etc/iked.conf.sample | |||||
| man/man5/iked.conf.5.gz | |||||
| man/man8/ikectl.8.gz | |||||
| man/man8/iked.8.gz | |||||
| sbin/ikectl | |||||
| sbin/iked | |||||
| @dir(,,755) etc/iked/ca | |||||
| @dir(,,755) etc/iked/certs | |||||
| @dir(,,755) etc/iked/crls | |||||
| @dir(,,700) etc/iked/private | |||||
| @dir(,,755) etc/iked/pubkeys/fqdn | |||||
mat: In the rc script, I read this one should have a mode of 0700.
In that case, this should read… | |||||
Not Done Inline ActionsGood catch! Yes, the directory should be 0700. However it should remain owned by root. The daemon will read the private key (with EUID root) before lowering permissions (EUID _iked). marcel: Good catch!
Yes, the directory should be 0700. However it should remain owned by root. The… | |||||
| @dir(,,755) etc/iked/pubkeys/ipv4 | |||||
| @dir(,,755) etc/iked/pubkeys/ipv6 | |||||
| @dir(,,755) etc/iked/pubkeys/ufqdn | |||||
matUnsubmitted Not Done Inline ActionsYou do not need to put 755, it is the default. mat: You do not need to put 755, it is the default. | |||||
In the rc script, I read this one should have a mode of 0700.
In that case, this should read:
but it will only be readable as root, so, maybe something more like
and add in the Makefile:
PLIST_SUB= USER=${USERS} GROUP=${GROUPS}