#!/bin/bash
# Start script for certmaster: bootstrap the CA key on first run, widen the
# ACLs on the certmaster trees for two service accounts, then hand the
# process over to certmaster itself.
MYTH_RUN_STATUS="1"

pki_root=/etc/pki/certmaster/
ca_key=/etc/pki/certmaster/ca/certmaster.key

# First run: no CA key yet. Start certmaster once in daemon mode and poll
# until the key file shows up (presumably certmaster creates it on start).
# NOTE(review): the poll has no upper bound; if the key never appears this
# script blocks here forever.
if ! [ -e "$ca_key" ]
then
  /usr/bin/certmaster daemon
  until [ -e "$ca_key" ]
  do
    sleep 5
  done
  # NOTE(review): SIGKILL hits every process named certmaster as soon as the
  # key file exists; that the file exists does not show certmaster has
  # finished writing it (or any companion CA cert) -- confirm.
  killall -9 certmaster
fi

# Drop all ACL entries from the CA private key.
# NOTE(review): the recursive grants below put entries straight back, so the
# CA private key ends up readable by both `nobody` and `http`. Any process
# running as either account can then read the CA signing key. Confirm this
# is required; if those accounts only need the issued certs, the ca/
# directory should be left out of the grants.
setfacl --remove-all "$ca_key"

for acl_user in nobody http
do
  grant="u:${acl_user}:rX"

  # /etc/pki/certmaster: default ACL for new files, then existing files,
  # then the mask is opened to rwx, then the key is granted explicitly.
  setfacl -d -R -m "$grant" "$pki_root"
  setfacl -R -m "$grant" "$pki_root"
  setfacl -R -m mask:rwx "$pki_root"
  setfacl -R -m "$grant" "$ca_key"

  # /var/lib/certmaster and its nested directories: default ACL first,
  # then the access ACL, one tree at a time.
  for tree in \
    /var/lib/certmaster \
    /var/lib/certmaster/certmaster \
    /var/lib/certmaster/certmaster/certs
  do
    setfacl -d -R -m "$grant" "$tree"
    setfacl -R -m "$grant" "$tree"
  done
done

# Replace this shell with certmaster running in the foreground.
exec /usr/bin/certmaster