author | Stefan Kügel <skuegel@web.de> | 2021-01-11 22:16:21 +0100 |
---|---|---|
committer | Stefan Kügel <skuegel@web.de> | 2021-01-11 22:16:21 +0100 |
commit | a050504fd0a26fd40abf653450ee3deae807266b (patch) | |
tree | e61a9548bde9bb00aec937ebf514e47300d9b9e9 /design-documents | |
parent | ee35dab4b592b720138976d1fef65ca8de6d7c36 (diff) | |
parent | 675294b4f107a2026fdc3858850323ff10e6f2bf (diff) | |
download | docs-a050504fd0a26fd40abf653450ee3deae807266b.tar.gz docs-a050504fd0a26fd40abf653450ee3deae807266b.tar.bz2 docs-a050504fd0a26fd40abf653450ee3deae807266b.zip |
Merge branch 'master' of ssh://git.taler.net/docs
Diffstat (limited to 'design-documents')
-rw-r--r-- | design-documents/010-exchange-helpers.rst | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/design-documents/010-exchange-helpers.rst b/design-documents/010-exchange-helpers.rst index a2999487..a304d8ec 100644 --- a/design-documents/010-exchange-helpers.rst +++ b/design-documents/010-exchange-helpers.rst @@ -42,6 +42,12 @@ running under a different user ID (UID), creating in effect a software security module. The exchange's HTTP process will be required to interact with those helpers via a UNIX domain socket. +Socket permission details: + +* The socket will be chmod 0620 (u+rw, g+w) regardless of umask. +* That the group is the same group of the crypto helpers must + still be ensured by the operator. + General design details: * The helpers will process requests from the exchange to sign and revoke keys. |
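Review bot: The second added bullet ("That the group is the same group of the crypto helpers must still be ensured by the operator") does not say whose group has to match, which leaves the access rule open to misreading. With mode 0620 the only non-owner access is group write, and the surrounding text says the helpers run under a different UID from the exchange's HTTP process, so the sentence presumably means that the exchange HTTP process must be a member of the group that owns the helper's socket. I would state that directly, for example "The operator must ensure that the exchange's HTTP process runs with the group that owns the helper's socket", and add what the operator should expect when this is wrong (the exchange cannot connect to the helper). The first bullet could also say how "regardless of umask" is achieved, since an explicit chmod after the socket is created leaves a short interval in which the umask-derived mode applies, and it would help to mention the permissions of the directory that holds the socket, which the 0620 mode on the socket itself does not cover.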