I just found this error in my server logs
May 17 14:55:07 marcus dkimproxy.out[1005]: signing error: Error: cannot read /etc/ssl/private/dkim_server/dkim_server.key: Permission denied
dkimproxy runs as dkim
user, member of both dkim
and ssl-private
groups. The key file is chmodded as follows
# l /etc/ssl/private/dkim_server/
drwxr-x--- 2 dkim ssl-private 4096 12 dic 2009 ./
drwxr-x--- 10 root ssl-private 4096 11 apr 16.37 ../
-rw-r----- 1 dkim ssl-private 891 12 dic 2009 dkim_server.key
-rw-r----- 1 dkim ssl-private 272 12 dic 2009 dkim_server.pub
I also did as root sudo -u dkim cat /etc/ssl/private/dkim_server/dkim_server.key
and it works.
I had the same problem yesterday but I simply forgot to add dkim to ssl-private group. After I fixed that I thought I was done
Now seems that dkimproxy is still unable to read the private key.
What could I do to fix this problem?
It now works.
Edited
/etc/init.d/dkimproxy
Changed
and restarted...
The problem is that dkim user unable to access /etc/ssl/private directory, and possibly /etc/ssl Either add dkim user to ssl-private group or do
chmod o+rx /etc/ssl /etc/ssl/private
. However second choice is somewhat insecure.