
Add option to allow group read in FileStorage #128

Closed

Conversation


@SuperQ SuperQ commented Apr 20, 2021

Add a flag to FileStorage to allow group read access to the files
created. This allows for other systems to be granted group access to the
certs/keys created.

Fixes: #121

Signed-off-by: SuperQ [email protected]

@mholt
Member

mholt commented Apr 20, 2021

Thanks, but as discussed in the issue, I don't think this is a good way to approach this (also, it does not compile).

@mholt mholt closed this Apr 20, 2021
@SuperQ
Author

SuperQ commented Apr 20, 2021

Without this, there is no way to use the keys that Caddy downloads with other software. Using UNIX groups is the standard way for this to happen. There is no option, other than having to disable Caddy's ACME support and fully going with an external tool.

@mholt
Member

mholt commented Apr 20, 2021

The user and group you run Caddy as is a system admin concern unfortunately, not a Caddy concern -- it should be done by other tooling.

@SuperQ
Author

SuperQ commented Apr 20, 2021

Yes, it absolutely is a system concern. That's fine. But the files Caddy creates need to either respect the umask the system presents (for example, in systemd you can set the umask for a service), or the application needs to be told what umask to write files as.

Without one of those two options, I can't grant group permissions without race conditions to make this work.

Please reconsider your stance on this. This is a standard way for people to manage these files. It worked just fine on Caddy v1, where files respected the group permissions. We need a way to be able to control Caddy's file creations.
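As an added illustration of the two options discussed above (not code from this PR or from Caddy), in Go since that is Caddy's language: the file is created with its final mode in the open(2) call, so there is no create-then-chmod window, and the process umask (for example systemd's UMask= setting) can only tighten the requested bits. The names writeKeyFile and effectiveMode are hypothetical, and the key content is a constructed placeholder.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"syscall"
)

// writeKeyFile creates path with its final mode in the open(2) call itself, so
// there is no 0600-then-chmod window; the kernel masks the bits with the
// process umask, which lets systemd's UMask= tighten but never loosen them.
func writeKeyFile(path string, data []byte, groupRead bool) (os.FileMode, error) {
	mode := os.FileMode(0600) // default: owner only
	if groupRead {
		mode = 0640 // what the proposed flag would request
	}
	f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_EXCL, mode)
	if err != nil {
		return 0, err
	}
	if _, err = f.Write(data); err != nil {
		f.Close()
		return 0, err
	}
	if err = f.Close(); err != nil {
		return 0, err
	}
	st, err := os.Stat(path)
	if err != nil {
		return 0, err
	}
	return st.Mode().Perm(), nil // bits the file actually got
}
// effectiveMode is the kernel rule in pure form: requested &^ umask.
func effectiveMode(requested os.FileMode, umask int) os.FileMode {
	return requested &^ os.FileMode(umask)
}
func main() {
	dir, _ := os.MkdirTemp("", "keys")
	defer os.RemoveAll(dir)
	key := []byte("constructed sample, not real key material\n")
	for _, um := range []int{022, 027, 077} { // typical service umasks
		old := syscall.Umask(um)
		got, err := writeKeyFile(filepath.Join(dir, fmt.Sprintf("k%o.pem", um)), key, true)
		syscall.Umask(old)
		fmt.Printf("umask %03o: requested 0640, got %04o err=%v\n", um, got, err)
	}
}
```

With umask 022 or 027 the group-read request survives as 0640; with umask 077 the same request yields 0600, which is the "system decides" behaviour the maintainer prefers combined with the flag the PR asks for.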

Successfully merging this pull request may close these issues.

Allow setting filestorage umask