堆栈内存溢出
  简体   繁体   English

在Web应用程序中读取私有DKIM文件内容的用户权限

[英]User permissions for reading private dkim file contents within web app

 原文  2015-10-31 15:03:56       security/ permissions/ file-permissions/ dkim/ file-security

问题描述

As it stands, when sending email using clients like Thunderbird, my messages get signed with DKIM. 就目前而言,当使用诸如Thunderbird之类的客户端发送电子邮件时,我的消息会使用DKIM进行签名。 However when generating emails from a web application, they do not get signed. 但是,从Web应用程序生成电子邮件时,它们不会被签名。

I've used a Rails gem called dkim to apply the key upon sending, however the location and file permissions for the private key found in /var/cpanel/domain_keys/private/[filename] are out of the scope of the user permissions of the Rails app. 我已经使用了一个名为dkim的Rails gem在发送时应用密钥,但是在/var/cpanel/domain_keys/private/[filename]中找到的私钥的位置和文件权限超出了用户权限的范围Rails应用程序。

My rails app currently runs under the user account 'whatever'. 我的Rails应用程序当前以用户帐户“任何”运行。 'whatever' is the user account for my web host. “任何”是我的虚拟主机的用户帐户。 I don't think it's wise to add the 'whatever' user to the 'mail' group just for the sake of reading the DKIM private key file contents, so what are my solutions? 我认为仅出于读取DKIM私钥文件内容的目的,将“任何”用户添加到“邮件”组中都是不明智的,那么我的解决方案是什么? I've tried ACL (no errors upon executing the command sudo setfacl -mu:whatever:r /var/cpanel/domain_keys/private/[filename] , but the user 'whatever' still cannot read the file). 我已经尝试过ACL(执行命令sudo setfacl -mu:whatever:r /var/cpanel/domain_keys/private/[filename]时没有错误,但是用户“ whatever”仍然无法读取该文件)。

I think the simplest solution is to symbolically link the file to a location in my app's directory upon deployment but I still need sudo permission to do it. 我认为最简单的解决方案是在部署时将文件符号链接到应用程序目录中的某个位置,但是我仍然需要sudo权限才能执行此操作。

1 个解决方案

解决方案1
 0 已采纳  2015-11-01 20:36:27

The solution was to also set "execute", not just "read". 解决方案是还设置“执行”,而不仅仅是“读取”。 You will also need to do this for parent directories that the user is currently denied access to. 您还需要对当前拒绝用户访问的父目录执行此操作。

sudo setfacl -mu:whatever:rx /var/cpanel/domain_keys/private

and then 接着

sudo setfacl -mu:whatever:rx /var/cpanel/domain_keys/private/[filename]

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 在程序文件中包含SQL用户(具有有限权限)的安全隐患 - Security Implications of Including SQL User (with limited permissions) Within the Program File 了解MySQL的Web App权限 - Understanding Web App Permissions with MySQL LAMP Web服务器文件权限 - LAMP web server file permissions Hawt.io Web应用程序-用户权限 - Hawt.io web application - user permissions iOS:我需要将用户的私钥(RSA)转移到我的应用程序。 文件共享是一个好的解决方案吗? - iOS: I need to transfer user's private key (RSA) to my App. Is file sharing a good solution? 在哪里保留Web应用程序的私钥和凭据? - Where to keep private keys and credentials for a web app? 从Django应用程序写入/读取机密文件的解决方案有多安全? - How safe is a solution of writing/reading secret file from within Django app? 检查用户是否对* nix中的文件具有权限 - Checking if user has permissions for file in *nix 保护Web应用程序中的公共/私有密钥对 - Protecting public/private keypair in web app 在Javascript Web App中保护私有API密钥 - Securing Private API keys in Javascript Web App
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM