I would like to set up a node.js https server using a certificate I already have on my debian8 machine.
This certificate's group is set to libretodoapi (a user / group I've created to run the node.js app). The permission 640 should allow read access to that file:
root@nijin:/# ls -l /etc/letsencrypt/archive/api.libretodo.org/privkey1.pem
-rw-r----- 1 root libretodoapi 1704 Jan 11 23:11 /etc/letsencrypt/archive/api.libretodo.org/privkey1.pem
That said, trying to access the file as libretodoapi fails:
root@nijin:/# sudo -u libretodoapi cat /etc/letsencrypt/archive/api.libretodo.org/privkey1.pem
cat: /etc/letsencrypt/archive/api.libretodo.org/privkey1.pem: Permission denied
The predecessor folders all belong to root:
root@nijin:~# namei -lo /etc/letsencrypt/archive/api.libretodo.org/privkey1.pem
f: /etc/letsencrypt/archive/api.libretodo.org/privkey1.pem
drwxr-xr-x root root /
drwxr-xr-x root root etc
drwxr-xr-x root root letsencrypt
drwx------ root root archive
drwxr-xr-x root root api.libretodo.org
-rw-r----- root libretodoapi privkey1.pem
I don't believe that there is a bug somewhere. Much rather, I think I don't know something about unix permissions which can explain that behavior. Do you know what I am missing?
namei -lo /etc/letsencrypt/archive/api.libretodo.org/privkey1.pem to your question. – Thomas Feb 10 '18 at 18:02
permissions for the user/group to enable them to access it. – Kusalananda Feb 10 '18 at 18:14
to the archive folder solved the problem. Do you want to post that as an answer so I can accept? – Nijin22 Feb 10 '18 at 18:21
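The namei output in the question shows archive as drwx------ root root, so a non-root user cannot traverse it no matter what the key file's own mode allows. The following is an added example, not part of the original thread: it rebuilds that layout in a temporary directory and reports the first path component that denies access to a given uid and group set. The function names, the hypothetical service uid and the 0710 mode used as the fix are assumptions made for illustration.

```python
import os
import tempfile

def allowed(st, uid, gids, want):
    """Classic Unix check: only ONE class (owner, else group, else other) is consulted."""
    if uid == 0:
        return True  # simplification: root bypasses read/search checks
    if st.st_uid == uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return (bits & want) == want

def first_blocker(path, uid, gids, root="/"):
    """Return (component, missing_bit) for the first denial between root and path, else None."""
    current = root
    for name in os.path.relpath(path, root).split(os.sep):
        # Looking up `name` requires search (x) permission on its parent directory.
        if not allowed(os.stat(current), uid, gids, 0o1):
            return current, "x"
        current = os.path.join(current, name)
    return None if allowed(os.stat(current), uid, gids, 0o4) else (current, "r")

def demo():
    """Rebuild the question's layout under a temp dir (constructed sample, not the real /etc)."""
    base = tempfile.mkdtemp()
    os.chmod(base, 0o755)
    d = base
    for name, mode in [("letsencrypt", 0o755), ("archive", 0o700), ("api.libretodo.org", 0o755)]:
        d = os.path.join(d, name)
        os.mkdir(d)
        os.chmod(d, mode)
    key = os.path.join(d, "privkey1.pem")
    open(key, "w").close()
    os.chmod(key, 0o640)
    archive = os.path.join(base, "letsencrypt", "archive")
    # Hypothetical service account: not the owner, but a member of the relevant group.
    uid = os.stat(key).st_uid + 1
    gids = {os.stat(key).st_gid, os.stat(archive).st_gid}
    before = first_blocker(key, uid, gids, base)
    os.chmod(archive, 0o710)  # assumed fix: group may traverse, but still cannot list
    after = first_blocker(key, uid, gids, base)
    return archive, before, after

if __name__ == "__main__":
    print(demo())
```

On the real system the directory's group is root, so the equivalent of the 0710 step would also need the directory's group changed to one the service user belongs to.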