authorDevaev Maxim <[email protected]>2021-02-15 04:56:06 +0300
committerDevaev Maxim <[email protected]>2021-02-15 04:56:06 +0300
commit9911914e7024225a6524b96f5a9f10234613aa02 (patch)
treea0b2b224c01cefc44f6b8670ba1c44fc1b3f20ee
parent058d82c81208f816f5e93400d10ae7c2b2380ae3 (diff)
fixed cert perms
-rw-r--r--kvmd.install10
-rwxr-xr-xscripts/kvmd-gencert2
2 files changed, 7 insertions, 5 deletions
diff --git a/kvmd.install b/kvmd.install
index db2cb3a3..ae2297d4 100644
--- a/kvmd.install
+++ b/kvmd.install
@@ -24,10 +24,12 @@ post_upgrade() {
kvmd-gencert --do-the-thing --vnc
fi
- chown root:root /etc/kvmd/vnc/ssl
- chown root:root /etc/kvmd/nginx/ssl
- chmod 755 /etc/kvmd/vnc/ssl
- chmod 755 /etc/kvmd/nginx/ssl
+ for target in nginx vnc; do
+ chown root:root /etc/kvmd/$target/ssl
+ chown root:kvmd-$target /etc/kvmd/$target/ssl/*
+ chmod 440 /etc/kvmd/$target/ssl/server.key
+ chmod 444 /etc/kvmd/$target/ssl/server.crt
+ done
echo "==> Patching configs ..."
[ ! -f /boot/config.txt ] || sed -i -e 's/^dtoverlay=pi3-disable-bt$/dtoverlay=disable-bt/g' /boot/config.txt
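Review bot: The `chown root:kvmd-$target /etc/kvmd/$target/ssl/*` line in the new loop gives the service group ownership of every entry in the directory, while the two `chmod` lines after it only normalise `server.key` and `server.crt`. Any other file an operator keeps there (a backup key, a chain file) would get the new group but keep whatever mode it already had, and `chown` follows symlinks by default, so a symlinked key would have its target re-owned. Naming the two files and quoting the expansion keeps the ownership change scoped to what the chmods cover: `chown root:"kvmd-$target" "/etc/kvmd/$target/ssl/server.key" "/etc/kvmd/$target/ssl/server.crt"`. The loop also no longer reasserts the directory mode that the removed `chmod 755` lines set. Because post_upgrade's body starts and ends outside the hunk, it cannot be seen here whether that is handled elsewhere.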
diff --git a/scripts/kvmd-gencert b/scripts/kvmd-gencert
index f96f0c8f..1e635b3e 100755
--- a/scripts/kvmd-gencert
+++ b/scripts/kvmd-gencert
@@ -58,6 +58,6 @@ openssl req -new -x509 -sha256 -nodes -key server.key -out server.crt -days 3650
-subj "/C=RU/ST=Moscow/L=Moscow/O=Pi-KVM/OU=Pi-KVM/CN=localhost"
chown root:kvmd-$target /etc/kvmd/$target/ssl/*
-chmod 400 server.key
+chmod 440 server.key
chmod 444 server.crt
chmod 755 /etc/kvmd/$target/ssl
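Review bot: `chmod 440 server.key` depends on the working directory, while the `chown` before it and the `chmod 755` after it use the absolute `/etc/kvmd/$target/ssl` path. If the earlier directory change (not visible in this hunk) ever fails, the mode is applied to whatever `server.key` is in the current directory. Writing it as `chmod 440 "/etc/kvmd/$target/ssl/server.key"` removes that dependency and matches the loop added in kvmd.install. The key is now group-readable, presumably so that the `kvmd-$target` group can load it. A one-line comment above the chmod would record that intent, e.g. `# 440: key must be readable by the kvmd-$target group, not by others`.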