#!/bin/bash
#
# Start-up wrapper for certmaster: make sure the CA key exists, apply
# POSIX ACLs to the CA and certificate directories, then replace this
# shell with the certmaster process.

readonly ca_key=/etc/pki/certmaster/ca/certmaster.key
readonly pki_dir=/etc/pki/certmaster/

# First start only: no CA key on disk yet.
if [[ ! -e "$ca_key" ]]; then
  # Presumably `certmaster daemon` backgrounds itself and creates the CA
  # material on first start -- TODO confirm against the certmaster docs.
  /usr/bin/certmaster daemon

  # Poll every 5 seconds until the key file appears. There is no timeout,
  # so this waits indefinitely if the key is never written.
  until [[ -e "$ca_key" ]]; do
    sleep 5
  done

  # NOTE(review): the wait above only tests that the key file exists, not
  # that certmaster has finished writing its CA material, and SIGKILL gives
  # the process no chance to clean up. Confirm this is safe here.
  killall -9 certmaster
fi

# Drop every existing ACL entry on the CA private key before re-applying.
setfacl --remove-all "$ca_key"

# NOTE(review): the loop below gives the `nobody` and `http` accounts read
# access to the whole PKI tree, including the CA private key. Any process
# running as either account can then read the signing key. Confirm both
# accounts really need the key; otherwise grant it to a dedicated service
# account only.
for acl_user in nobody http; do
  # -d sets the default ACL (inherited by new entries), -R recurses;
  # rX = read, plus execute only on directories or already-executable files.
  setfacl -d -R -m "u:${acl_user}:rX" "$pki_dir"
  setfacl -R -m "u:${acl_user}:rX" "$pki_dir"
  # Kept inside the loop on purpose: later -m calls recalculate the mask,
  # so moving this line would change the resulting ACLs.
  setfacl -R -m mask:rwx "$pki_dir"
  setfacl -R -m "u:${acl_user}:rX" "$ca_key"

  # Same default + access ACL pair on each certmaster state directory.
  for state_dir in \
    /var/lib/certmaster \
    /var/lib/certmaster/certmaster \
    /var/lib/certmaster/certmaster/certs; do
    setfacl -d -R -m "u:${acl_user}:rX" "$state_dir"
    setfacl -R -m "u:${acl_user}:rX" "$state_dir"
  done
done

# Replace the shell so certmaster takes over this process.
exec /usr/bin/certmaster