unbound-control-setup more secure on multiuser system.

git-svn-id: file:///svn/unbound/trunk@2124 be551aaa-1e26-0410-a405-d3ace91eadb9
Wouter Wijngaards 2010-05-31 14:11:51 +00:00
parent d9e6fd3bac
commit da9ddfe2d1
3 changed files with 7 additions and 1 deletions


@ -6,6 +6,7 @@
- parentside names are dispreferred but not said to be dnssec-lame.
- parentside check for cached newname glue.
- fix parentside and querytargets modulestate, for dump_requestlist.
- unbound-control-setup makes keys -rw-r--- so not all users permitted.
28 May 2010: Wouter
- iana portlist updated.
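Review bot: the mode string in the new changelog entry, "-rw-r---", is two characters short of a full ls-style mode, so it does not actually show what other users get. Write it as "-rw-r-----" (0640) so the entry states unambiguously that the keys are readable by owner and group only.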


@ -194,8 +194,10 @@ The unbound\-control program exits with status code 1 on error, 0 on success.
The setup requires a self\-signed certificate and private keys for both
the server and client. The script \fIunbound\-control\-setup\fR generates
these in the default run directory, or with \-d in another directory.
If you change the access control permissions on the key files you can decide
who can use unbound\-control, by default owner and group but not all users.
Run the script under the same username as you have configured in unbound.conf
so that the daemon is permitted to read the files, for example with:
or as root, so that the daemon is permitted to read the files, for example with:
.nf
sudo \-u unbound unbound\-control\-setup
.fi
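Review bot: the reworded line "or as root, so that the daemon is permitted to read the files" does not follow from the text around it, because the new sentence above says access is limited to owner and group by default, and once the daemon runs as the username from unbound.conf it can read root-owned key files only through the group bit. State which group the key files must belong to when the script is run as root, and note that the example shown (sudo -u unbound unbound-control-setup) covers only the first case.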


@ -57,6 +57,9 @@ SVR_BASE=unbound_server
# base name for unbound-control keys
CTL_BASE=unbound_control
# we want -rw-r--- access (say you run this as root: grp=yes (server), all=no).
umask 0026
# end of options
# functions:
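Review bot: "umask 0026" clears read and write for other users but leaves the execute bit, so the "all=no" in the comment holds only for files created with 0666; anything created with 0777 comes out 0751, and "umask 0027" would match the stated intent. The umask also only affects files created after this line, so key files left world-readable by an earlier run keep their mode unless the script recreates them or runs an explicit chmod 0640 on what it writes. The mode in the comment is also truncated and should read -rw-r-----.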