exim4 tries to read this file after it does setuid

So the file needs to be readable to 'Debian-exim4' user
2013-11-17 08:57:55 -08:00 · 2013-11-17 08:57:55 -08:00 · c1ba2ad34b
parent cb7a88c522
commit c1ba2ad34b
1 changed files with 2 additions and 1 deletions
--- a/local-modules/exim4-config/manifests/dkim.pp
+++ b/local-modules/exim4-config/manifests/dkim.pp
@ -11,7 +11,8 @@ define exim4-config::dkim {
    creates => "/etc/exim4/dkim-$name.key",
    cwd     => "/etc/exim4",
    command => "openssl genrsa -out dkim-$name.key 2048    \
-                && chmod 600 dkim-$name.key    \
+                && chgrp Debian-exim dkim-$name.key    \
+                && chmod 640 dkim-$name.key    \
                && openssl rsa -in dkim-$name.key -out dkim-$name.pub -pubout -outform PEM",
    notify  => Exec['reload-exim4']
  }