+24 November 2008: Wouter
+ - document that the user of the server daemon needs read privileges
+ on the keys and certificates generated by unbound-control-setup.
+ This is different per system or distribution, usually, running the
+ script under the same username as the server uses suffices.
+ i.e. sudo -u unbound unbound-control-setup
+
21 November 2008: Wouter
- fixed tcp accept, errors were printed when they should not.
- unbound-control-setup.sh removes read/write permissions other
The setup requires a self\-signed certificate and private keys for both
the server and client. The script \fIunbound\-control\-setup\fR generates
these in the default run directory, or with \-d in another directory.
+Run the script under the same username as you have configured in unbound.conf
+so that the daemon is permitted to read the files, for example with:
+.nf
+ sudo \-u unbound unbound\-control\-setup
+.fi
+If you have not configured
+a username in unbound.conf, the keys need read permission for the user
+credentials under which the daemon is started.
The script preserves private keys present in the directory.
After running the script as root, turn on \fBcontrol-enable\fR in
\fIunbound.conf\fR.
echo "unbound-control-setup.sh - setup SSL keys for unbound-control"
echo " -d dir use directory to store keys and certificates."
echo " default: $DESTDIR"
+ echo "please run this command using the same user id that the "
+ echo "unboun daemon uses, it needs read privileges."
exit 1
;;
esac
projects / thirdparty / unbound.git / commitdiff
