- Fix #4192: unbound-control-setup generates keys not readable by

  group.

git-svn-id: file:///svn/unbound/trunk@4942 be551aaa-1e26-0410-a405-d3ace91eadb9

diff --git a/doc/Changelog b/doc/Changelog
index 85e05a6acef83f1a3a6d57daac616a17479864d5..3002473f1e9dd2835b895684e59f5233a5a0febf 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,7 @@
+22 October 2018: Wouter
+       - Fix #4192: unbound-control-setup generates keys not readable by
+         group.
+
 22 October 2018: Ralph
        - Change fast-server-num default to 3.
 

diff --git a/smallapp/unbound-control-setup.sh.in b/smallapp/unbound-control-setup.sh.in
index 0d759f4413d4b7381e42c5e34cbc447f024f3b7d..f4024b435530e46bb32a3beeef5397ec2eeda78c 100644 (file)
--- a/smallapp/unbound-control-setup.sh.in
+++ b/smallapp/unbound-control-setup.sh.in
@@ -148,8 +148,8 @@ test -f $CTL_BASE.pem || error "could not create $CTL_BASE.pem"
 # echo "empty password is used, simply click OK on the password dialog box."
 # openssl pkcs12 -export -in $CTL_BASE"_trust.pem" -inkey $CTL_BASE.key -name "unbound remote control client cert" -out $CTL_BASE"_browser.pfx" -password "pass:" || error "could not create browser certificate"
 
-# remove unused permissions
-chmod o-rw $SVR_BASE.pem $SVR_BASE.key $CTL_BASE.pem $CTL_BASE.key
+# set desired permissions
+chmod 0640 $SVR_BASE.pem $SVR_BASE.key $CTL_BASE.pem $CTL_BASE.key
 
 # remove crap
 rm -f request.cfg