Recent openssl genrsa does not use umask for generated keys. There is no
strong reason why every member of the unbound group should be able to read
the server key. But the control key would be quite useful to be group
readable and to allow control access to the whole group, allowing access to
control by group membership, not via sudo.
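
The permission split described above, as an added example that is not part of the original commit: modes are set explicitly rather than inherited from the umask, then audited. The file names `server.key` and `control.key`, the exact modes 0600 and 0640, and the helper function names are assumptions made for illustration; group ownership is assumed to be set already.

```shell
#!/bin/sh
# Added example. File names and modes below are assumptions, not from the commit.
SERVER_KEY=server.key     # hypothetical name: private to the owning user
CONTROL_KEY=control.key   # hypothetical name: readable by the group

# Print a file's permission bits in octal (GNU stat first, BSD stat as fallback).
key_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Set modes explicitly instead of trusting the umask in effect at key creation.
apply_key_modes() {
    dir=$1
    chmod 0600 "$dir/$SERVER_KEY" || return 1
    chmod 0640 "$dir/$CONTROL_KEY" || return 1
}

# Return 0 only if both keys carry the intended modes; report each deviation.
audit_key_modes() {
    dir=$1
    rc=0
    for pair in "$SERVER_KEY:600" "$CONTROL_KEY:640"; do
        file=$dir/${pair%%:*}
        want=${pair##*:}
        if [ ! -f "$file" ]; then
            echo "missing: $file" >&2
            rc=1
            continue
        fi
        have=$(key_mode "$file")
        if [ "$have" != "$want" ]; then
            echo "$file: mode $have, expected $want" >&2
            rc=1
        fi
    done
    return $rc
}
```
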