summaryrefslogtreecommitdiff
path: root/design-documents
diff options
context:
space:
mode:
authorStefan Kügel <skuegel@web.de>2021-01-11 22:16:21 +0100
committerStefan Kügel <skuegel@web.de>2021-01-11 22:16:21 +0100
commita050504fd0a26fd40abf653450ee3deae807266b (patch)
treee61a9548bde9bb00aec937ebf514e47300d9b9e9 /design-documents
parentee35dab4b592b720138976d1fef65ca8de6d7c36 (diff)
parent675294b4f107a2026fdc3858850323ff10e6f2bf (diff)
downloaddocs-a050504fd0a26fd40abf653450ee3deae807266b.tar.gz
docs-a050504fd0a26fd40abf653450ee3deae807266b.tar.bz2
docs-a050504fd0a26fd40abf653450ee3deae807266b.zip
Merge branch 'master' of ssh://git.taler.net/docs
Diffstat (limited to 'design-documents')
-rw-r--r--design-documents/010-exchange-helpers.rst6
1 files changed, 6 insertions, 0 deletions
diff --git a/design-documents/010-exchange-helpers.rst b/design-documents/010-exchange-helpers.rst
index a299948..a304d8e 100644
--- a/design-documents/010-exchange-helpers.rst
+++ b/design-documents/010-exchange-helpers.rst
@@ -42,6 +42,12 @@ running under a different user ID (UID), creating in effect a software
security module. The exchange's HTTP process will be required to interact
with those helpers via a UNIX domain socket.
+Socket permission details:
+
+* The socket will be chmod 0620 (u+rw, g+w) regardless of umask.
+* That the group is the same group of the crypto helpers must
+ still be ensured by the operator.
+
General design details:
* The helpers will process requests from the exchange to sign and revoke keys.