From fbcd17c52091cb51a86f0ab2acb5348a12b613e0 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Mon, 22 Feb 2021 12:06:09 +0100 Subject: In lacme's the [accountd] config, let lacme-accountd(1) do the %-expansion for 'config'. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This matches the arguably expected behavior that ‘config = %h/foo’ is passed as ‘--config=%h/foo’ and resolved by lacme-accountd(1) (possibly remote and with another passwd database). --- lacme.8.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'lacme.8.md') diff --git a/lacme.8.md b/lacme.8.md index ad6dab6..c39f51c 100644 --- a/lacme.8.md +++ b/lacme.8.md @@ -322,9 +322,8 @@ UNIX-domain socket. *config* -: Path to the [`lacme-accountd`(1)] configuration file. The value is - subject to [%-specifier expansion](#percent-specifiers) _after_ - privilege drop. +: Path to the [`lacme-accountd`(1)] configuration file. Note that the + value might be subject to %-expansion by [`lacme-accountd`(1)]. *quiet* -- cgit v1.2.3 From c612a7ff44995f4f9c39fa0fb68470d90c88decf Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Wed, 24 Feb 2021 21:01:12 +0100 Subject: lacme: Default mode for certificate(-chain) creation is 0644 minus umask restrictions. Also, always spawn the client with umask 0022 so a starting lacme(8) with a restrictive umask doesn't impede serving challenge response files. --- lacme.8.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lacme.8.md') diff --git a/lacme.8.md b/lacme.8.md index c39f51c..7f6558e 100644 --- a/lacme.8.md +++ b/lacme.8.md @@ -429,7 +429,8 @@ Valid settings are: *chmod* : An optional octal mode to chmod the issued *certificate* and - *certificate-chain* to. + *certificate-chain* to. By default the files are created with mode + 0644 minus umask restrictions. *notify* -- cgit v1.2.3 From c6a4aaa6128d55ba5f7f3cd2bd75f789f69ae407 Mon Sep 17 00:00:00 2001 
From: Guilhem Moulin Date: Wed, 24 Feb 2021 21:24:13 +0100 Subject: lacme: Add 'owner' resp. 'mode' as (prefered) alias for 'chown' resp. 'chmod'. --- lacme.8.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lacme.8.md') diff --git a/lacme.8.md b/lacme.8.md index 7f6558e..65f1c36 100644 --- a/lacme.8.md +++ b/lacme.8.md @@ -421,12 +421,12 @@ Valid settings are: See [`x509v3_config`(5ssl)] for a list of possible values. Note that the ACME server might override the value provided here. -*chown* +*owner*, *chown* : An optional `username[:groupname]` to chown the issued *certificate* and *certificate-chain* to. -*chmod* +*mode*, *chmod* : An optional octal mode to chmod the issued *certificate* and *certificate-chain* to. By default the files are created with mode -- cgit v1.2.3
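Review bot: in the `@@ -322,9 +322,8 @@` hunk of lacme.8.md, the new *config* wording "might be subject to %-expansion by [`lacme-accountd`(1)]" leaves out what the commit message states plainly: the value is passed through as `--config=%h/foo` and resolved by lacme-accountd(1), which may be remote and use another passwd database. That determines which file `%h/foo` actually names, so the manual should say the value is passed unexpanded and resolved on the lacme-accountd(1) side rather than "might be". The hunk also removes both the `#percent-specifiers` link and the "after privilege drop" statement, so consider pointing the reader to where the specifiers are documented for lacme-accountd(1).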
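Review bot: in the `@@ -429,7 +429,8 @@` hunk of lacme.8.md, "mode 0644 minus umask restrictions" does not say which umask is meant, and the commit message introduces a second one (the client is always spawned with umask 0022) that the manual change leaves undocumented. Name the umask that applies to *certificate* and *certificate-chain* (presumably the one lacme(8) is started with), and document the fixed 0022 client umask as well, so that someone running lacme(8) under a restrictive umask can tell the two apart. It would also help to state whether an explicit *chmod* value is applied as given or is itself reduced by the umask.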
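Review bot: in the `@@ -421,12 +421,12 @@` hunk of lacme.8.md, the headings "*owner*, *chown*" and "*mode*, *chmod*" list both names without saying which is preferred or what happens when a section sets both. The commit subject calls *owner* and *mode* the preferred aliases, so add a sentence saying that, and document the precedence (or the error) when both spellings appear, since a silently ignored *mode* or *owner* would leave the certificate files with permissions the administrator did not intend. The description for *mode* also still reads "An optional octal mode to chmod ... to", which is fine, but the default-mode sentence that follows should refer to the new name.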