dovecot - Dec 2018 - Upgrade to 2.3.1 has failed

Am 16.12.2018 um 19:41 schrieb Tim Dickson:
> permissions should be 644 or 444 owned by root.
The key file should even only be readable by root and not the world. 
0400 would be a good choice.

Alexander

Alexander Dalloz skrev den 2018-12-16 21:30:
> Am 16.12.2018 um 19:41 schrieb Tim Dickson:
>> permissions should be 644 or 444 owned by root.
> 
> The key file should even only be readable by root and not the world.
> 0400 would be a good choice.
all ssl pem files must only be readeble from root, nothing else, so 
permisson 0400 is very god safety, dovecot read pem files before drop 
priviledges so that why it need to be so

Am 16.12.2018 um 22:32 schrieb Benny Pedersen via
dovecot:
> Alexander Dalloz skrev den 2018-12-16 21:30:
>> Am 16.12.2018 um 19:41 schrieb Tim Dickson:
>>> permissions should be 644 or 444 owned by root.
>>
>> The key file should even only be readable by root and not the world.
>> 0400 would be a good choice.
> 
> all ssl pem files must only be readeble from root, nothing else, so 
> permisson 0400 is very god safety, dovecot read pem files before drop 
> priviledges so that why it need to be so
The certificate is served anyhow to clients connecting, so that file 
does not have to be specificly secured. Just take care it cannot be 
written by non root.

Alexander