Tighten permissions for service-bound certificates to 440

2026-05-17 10:49:11 +02:00
parent fa2d31f7ca
commit 255f353329
2 changed files with 2 additions and 2 deletions
@@ -481,7 +481,7 @@ _vars_setup() {
    set_var DYNTLS_SEND_MAIL                "false"

    set_list DYNTLS_DOMAIN_LIST             "example365.tld:sub1.example365.tld:sub2.example365.tld" 1
-    set_list DYNTLS_DOMAINSERVICE_LIST      "mail02.example365.tld:postfix:root.root:444:postfix:root:1:restart:Postfix" 1
+    set_list DYNTLS_DOMAINSERVICE_LIST      "mail02.example365.tld:postfix:root.root:440:postfix:root:1:restart:Postfix" 1

    set_var DYNTLS_PRODUCTIVE               0

@@ -133,7 +133,7 @@
 # ------------------------------------------------------------------

 # Example service mapping (format: CN:pki_dir:user.group:chmod:service:owner:restartflag:restart|reload:displayname)
-#set_list DYNTLS_DOMAINSERVICE_LIST  "mail02.example365.tld:postfix:root.root:444:postfix:root:1:restart:Postfix"
+#set_list DYNTLS_DOMAINSERVICE_LIST  "mail02.example365.tld:postfix:root.root:440:postfix:root:1:restart:Postfix"

 # ------------------------------------------------------------------
 # OPTIONAL COMMAND HOOKS