Rename config file, parameters, application name, package.
This commit is contained in:
Anatoly Sablin
@@ -5,23 +5,23 @@ avoid leak of credentials/key pairs
|
||||
|
||||
## Configuration
|
||||
Your config file should have the following ownership:
|
||||
- Dedicated user for mxisd, used to run the software
|
||||
- Dedicated group for mxisd, used by other applications to access and read configuration files
|
||||
- Dedicated user for ma1sd, used to run the software
|
||||
- Dedicated group for ma1sd, used by other applications to access and read configuration files
|
||||
|
||||
Your config file should have the following access:
|
||||
- Read and write for the mxisd user
|
||||
- Read for the mxisd group
|
||||
- Read and write for the ma1sd user
|
||||
- Read for the ma1sd group
|
||||
- Nothing for others
|
||||
|
||||
This translates into `640` and be applied with `chmod 640 /path/to/config/file.yaml`.
|
||||
|
||||
## Data
|
||||
The only sensible place is the key store where mxisd's signing keys are stored. You should therefore limit access to only
|
||||
the mxisd user, and deny access to anything else.
|
||||
The only sensible place is the key store where ma1sd's signing keys are stored. You should therefore limit access to only
|
||||
the ma1sd user, and deny access to anything else.
|
||||
|
||||
Your key store should have the following access:
|
||||
- Read and write for the mxisd user
|
||||
- Nothing for the mxisd group
|
||||
- Read and write for the ma1sd user
|
||||
- Nothing for the ma1sd group
|
||||
- Nothing for others
|
||||
|
||||
The identity store can either be a file or a directory, depending on your version. v1.4 and higher are using a directory,
|
||||
|
||||
Reference in New Issue
Block a user