Zimbra

florianh · #1 (**permalink**) 07-30-2009, 03:04 AM

Hi all,

we're using Release 5.0.16_GA_2921.UBUNTU8 UBUNTU8 FOSS edition and I want to install a Thawte SSL123 certificate. Generating the CSR, I've seen that the files in the directory /opt/zimbra/ssl/zimbra/commercial have very generous access rights:

root@XYZ:/opt/zimbra/ssl/zimbra/commercial# ls -axl
total 16
drwxr----- 2 zimbra zimbra 4096 Jun 13 16:50 .
drwxr----- 5 zimbra zimbra 4096 May 21 20:48 ..
-rw-r--r-- 1 root root 704 Jul 27 11:50 commercial.csr
-rw-r--r-- 1 root root 891 Jul 27 11:50 commercial.key

Isn't this a security hole, or am I misunderstanding something here?

Best regards
Florian

Rich Graves · #2 (**permalink**) 07-30-2009, 08:13 AM

Since . is only accessible to zimbra, no, it isn't.

GeorgThoma · #3 (**permalink**) 07-30-2009, 08:35 AM

Hello,

one small comment / explanation for florianh.

"rw-r--r-- 1 root root 891 Jul 27 11:50 commercial.key" means readable for all
but "drwxr----- 5 zimbra zimbra 4096 May 21 20:48 .." means only zimbra and root can go there to read. No other user can change in that directory to read.

kr Georg

florianh · #4 (**permalink**) 07-30-2009, 08:37 AM

Oops... you're right!

My fault!

Zimbra

Downloads

Product Information

Toolbox

Why Join?