schleuder (cert generate): Check user (and group?) schleuder-api-daemon is running as?
Currently, I'm running schleuder-api-daemon in Debian as schleuder, both for the group and user. However, if I'm calling schleuder cert generate
as root
, the private key gets created in a way so only root
is able to read / work with it (which is a good thing, actually). However, this leads as well to the fact that schleuder-api-daemon
is not able to read the file. I'm unsure if the common user will know / understand that he/she should call schleuder (cert generate)
not as root
, but as schleuder
. I think either we should check which user calls schleuder
, (exit early) and print a note to the user, or schleuder
should create the keys in a way that the user schleuder
is able to read them. Maybe there is some other approach as well, because I guess most people who install the gem won't have a dedicated user running the daemon, which is clearly a downside.