Add unbound members group access to control key

Recent openssl genrsa does not use umask for generated keys. There is no strong reason why every member of unbound group should be able read server key. But control key would be quite useful to be group readable and to allow control access to whole group. Allowing access to control by group membership, not via sudo.
2026-02-03 04:09:28 -05:00 · 2025-01-14 13:55:10 +01:00 · 2025-01-14 13:55:10 +01:00 · f4881bd81a
commit f4881bd81a
parent c3b5bff311
1 changed files with 2 additions and 1 deletions
--- a/smallapp/unbound-control-setup.sh.in
+++ b/smallapp/unbound-control-setup.sh.in
@ -204,7 +204,8 @@ fi
 # remove unused permissions
 chmod o-rw \
      "$SVR_BASE.pem" \
-      "$SVR_BASE.key" \
+      "$SVR_BASE.key"
+chmod g+r,o-rw \
      "$CTL_BASE.pem" \
      "$CTL_BASE.key"