Bug 134144

Summary:	cupsd changes owner, group and permissions of SSL certificate
Product:	[openSUSE] SUSE LINUX 10.0	Reporter:	Johannes Meixner <jsmeix>
Component:	Printing	Assignee:	Klaus Singvogel <kssingvo>
Status:	RESOLVED INVALID	QA Contact:	Johannes Meixner <jsmeix>
Severity:	Major
Priority:	P5 - None	CC:	mc
Version:	Final
Target Milestone:	---
Hardware:	Other
OS:	SuSE Linux 10.0
Whiteboard:
Found By:	Development	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---

Description Johannes Meixner 2005-11-17 10:48:59 UTC

When cupsd starts, it changes owner, group and permissions
of a SSL certificate to "-rw-r-----  1 lp lp".

If it is a system wide used certificate, other services
can no longer use it.

How to reproduce:
Specify in /etc/cups/cupsd.conf a system wide certificate
(here it is the default system certificate on a SLES9):
----------------------------------------------------------
ServerCertificate /etc/ssl/servercerts/servercert.pem
ServerKey /etc/ssl/servercerts/serverkey.pem
----------------------------------------------------------

For your information:
By default the SLES9 system certificate is
(here on brie.hwlab.suse.de):
----------------------------------------------------------------
brie:~ # ls -ld /etc/ssl/servercerts/*
-rw-r--r--  1 root root ... /etc/ssl/servercerts/servercert.pem
-rw-r-----+ 1 root root ... /etc/ssl/servercerts/serverkey.pem

brie:~ # getfacl /etc/ssl/servercerts/serverkey.pem
getfacl: Removing leading '/' from absolute path names
# file: etc/ssl/servercerts/serverkey.pem
# owner: root
# group: root
user::rw-
user:ldap:r--
group::---
mask::r--
other::---
----------------------------------------------------------------

Comment 1 Klaus Singvogel 2005-11-17 10:56:49 UTC

yes, this is intended and required.