Merge branch 'master' of git+ssh://git.taler.net/docs

author: Christian Grothoff <christian@grothoff.org> 2021-01-13 21:27:31 +0100
committer: Christian Grothoff <christian@grothoff.org> 2021-01-13 21:27:31 +0100
commit: 07752fe8a333bf2aff0b525a7e2db35202533a2c (patch)
tree: d7299cd4d425025cff03338a3455ba76d26c47e6 /design-documents/010-exchange-helpers.rst
parent: bc99e88764505e05ac35682d9791e70143243152 (diff)
parent: 96b81f6089bdcc330fbfb52336a8d6e828455761 (diff)
download: docs-07752fe8a333bf2aff0b525a7e2db35202533a2c.tar.gz
docs-07752fe8a333bf2aff0b525a7e2db35202533a2c.tar.bz2
docs-07752fe8a333bf2aff0b525a7e2db35202533a2c.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/design-documents/010-exchange-helpers.rst b/design-documents/010-exchange-helpers.rst
index a2999487..a304d8ec 100644
--- a/design-documents/010-exchange-helpers.rst
+++ b/design-documents/010-exchange-helpers.rst
@@ -42,6 +42,12 @@ running under a different user ID (UID), creating in effect a software
 security module.  The exchange's HTTP process will be required to interact
 with those helpers via a UNIX domain socket.
 
+Socket permission details:
+
+* The socket will be chmod 0620 (u+rw, g+w) regardless of umask.
+* That the group is the same group of the crypto helpers must
+  still be ensured by the operator.
+
 General design details:
 
 * The helpers will process requests from the exchange to sign and revoke keys.
author	Christian Grothoff <christian@grothoff.org>	2021-01-13 21:27:31 +0100
committer	Christian Grothoff <christian@grothoff.org>	2021-01-13 21:27:31 +0100
commit	07752fe8a333bf2aff0b525a7e2db35202533a2c (patch)
tree	d7299cd4d425025cff03338a3455ba76d26c47e6 /design-documents/010-exchange-helpers.rst
parent	bc99e88764505e05ac35682d9791e70143243152 (diff)
parent	96b81f6089bdcc330fbfb52336a8d6e828455761 (diff)
download	docs-07752fe8a333bf2aff0b525a7e2db35202533a2c.tar.gz docs-07752fe8a333bf2aff0b525a7e2db35202533a2c.tar.bz2 docs-07752fe8a333bf2aff0b525a7e2db35202533a2c.zip