#!/bin/bash
#
# Start-up wrapper for certmaster.
#
#   1. If the CA private key does not exist yet, run certmaster once so that
#      it generates its CA material, then stop it again.
#   2. Reset the ACL on the CA key and grant the 'nobody' and 'http' accounts
#      read access (rX) to the certmaster PKI and state directories.
#   3. Replace this shell with certmaster.
#
# No command's exit status is checked: a failing setfacl (for example because
# one of the accounts does not exist) does not stop certmaster from starting.
#
# NOTE(review): step 2 makes the CA *private key* readable by 'nobody' and
# 'http'. Any process running under either account can then read the key that
# signs every certificate this certmaster issues. Confirm this is required;
# if only signed certs/CSRs need to be shared, leave the key out of the grant
# or use a dedicated account or group instead of 'nobody'.

ca_key=/etc/pki/certmaster/ca/certmaster.key
pki_dir=/etc/pki/certmaster/

# First run: no CA key yet. Launch certmaster (presumably it detaches, since
# the script goes on to poll) and wait for the key file to appear.
if [ ! -e "$ca_key" ]; then
  /usr/bin/certmaster daemon

  # Polls indefinitely; there is no timeout if the key is never created.
  until [ -e "$ca_key" ]; do
    sleep 5
  done

  # NOTE(review): SIGKILL is sent as soon as the key file exists, which gives
  # certmaster no chance to finish or clean up. Confirm nothing else (such as
  # the CA certificate) is still being written at this point.
  killall -9 certmaster
fi

# Drop every extended ACL entry from the key before the grants below are
# applied.
setfacl --remove-all "$ca_key"

for acl_user in nobody http; do
  # PKI tree: default ACL (-d, inherited by new entries) and access ACL, both
  # recursive. rX = read, plus execute only on directories and on files that
  # are already executable.
  setfacl -d -R -m "u:${acl_user}:rX" "$pki_dir"
  setfacl -R -m "u:${acl_user}:rX" "$pki_dir"
  # Explicit mask so the named-user entries are not capped by a narrower one.
  setfacl -R -m mask:rwx "$pki_dir"
  # The key's ACL was cleared above and is re-granted explicitly here; the
  # recursive grant on the PKI tree already covers it as well.
  setfacl -R -m "u:${acl_user}:rX" "$ca_key"

  # State directories: same default + access grant, parent before child.
  for state_dir in \
    /var/lib/certmaster \
    /var/lib/certmaster/certmaster \
    /var/lib/certmaster/certmaster/certs; do
    setfacl -d -R -m "u:${acl_user}:rX" "$state_dir"
    setfacl -R -m "u:${acl_user}:rX" "$state_dir"
  done
done

# Hand the process over to certmaster (no arguments).
exec /usr/bin/certmaster