#!/bin/bash
setfacl --remove-all /etc/pki/certmaster/ca/certmaster.key

for i in nobody http
do 
  setfacl -d -R -m u:$i:rX /etc/pki/certmaster/
  setfacl -R -m u:$i:rX /etc/pki/certmaster/
         
  setfacl -R -m  mask:rwx /etc/pki/certmaster/
  setfacl -R -m u:$i:rX /etc/pki/certmaster/ca/certmaster.key

  setfacl -d -R -m u:$i:rX /var/lib/certmaster
  setfacl -R -m u:$i:rX /var/lib/certmaster
  setfacl -d -R -m u:$i:rX /var/lib/certmaster/certmaster
  setfacl -R -m u:$i:rX /var/lib/certmaster/certmaster
  setfacl -d -R -m u:$i:rX /var/lib/certmaster/certmaster/certs
  setfacl -R -m u:$i:rX /var/lib/certmaster/certmaster/certs
done

DISPLAY=127.0.0.1:0  exec  /usr/bin/funcd