# In some rare cases it can be necessary to override the permissions that
# acmetool sets on files. You can override those permissions using the
# permissions configuration file, which should be placed at
# $ACME_STATE_DIR/conf/perm. This is an example of such a file. You should be
# very careful when using this file, and only include the minimum changes that
# you need to make.
#
# Each line has the following syntax:
# path-pattern file-mode dir-mode [uid gid]
#
# For example:
# keys 0640 0750
# or
# keys 0640 0750 root exim
#
# If you specify a UID, you must also specify a GID and vice versa.
# UIDs and GIDs can be specified numerically, and on some platforms
# they may also be specifiable as names.
#
# The special UID/GID value "$r" means the current UID/GID of the running
# acmetool process; you can use this to ensure that the file UID/GID is
# enforced to the user which acmetool runs as.
#
# Not specifying UID/GID values, or specifying both as "-", means that acmetool
# will not pay attention to file ownership. Files will be created with their
# "natural" owner (i.e., the UID/GID under which acmetool is running).
#
# Mode enforcement cannot be disabled.
#
# Nothing acmetool does should affect POSIX ACLs, if you wish to use them.
#
# A path-pattern is a glob pattern. Specifying the same path-pattern as a built-in
# permissions rule overrides that rule. You cannot place two entries for
# the same path-pattern in this file. acmetool uses the longest matching pattern
# when deciding what rule to use when enforcing permissions.
#
# The default rules are shown below:
#
# . 0644 0750 # Default for anything without a longer match
# accounts 0600 0700
# desired 0644 0755
# live 0644 0755
# certs 0644 0755
# certs/*/haproxy 0600 0700 # Support for the HAProxy extension; contains private keys
# keys 0600 0700
# conf 0644 0755
# tmp 0600 0700 # Do NOT change this
#
# If you wish to disable a path-pattern rule allowing policy to be inherited
# from a shorter match, you can do this using the special keyword 'inherit':
#
# path-pattern inherit
#
# For example, maybe you want to make the whole directory restricted:
# . 0600 0700
# accounts inherit
# certs inherit
# conf inherit
# desired inherit
# keys inherit
#
# Again, you should rarely ever need to use this file. When you use this file,
# add only the entries that you absolutely need.
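
Added example (not part of acmetool or of the original file): a small Python resolver that applies the syntax, override, longest-match and `inherit` rules described above, so the effective mode and owner for a path can be checked before an override is deployed. The component-wise prefix matching, the use of pattern string length as "longest", and treating text after `#` as a comment are assumptions; acmetool's own matcher may differ.

```python
from fnmatch import fnmatchcase

# Built-in rules copied from the comment block above.
DEFAULTS = """
. 0644 0750
accounts 0600 0700
desired 0644 0755
live 0644 0755
certs 0644 0755
certs/*/haproxy 0600 0700
keys 0600 0700
conf 0644 0755
tmp 0600 0700
"""

def parse(text):
    """Parse perm-file lines into {pattern: rule}; rule is None for 'inherit'."""
    rules = {}
    for raw in text.splitlines():
        f = raw.split("#", 1)[0].split()   # assumption: '#' starts a comment
        if not f:
            continue
        pat, rest = f[0], f[1:]
        if pat in rules:                   # two entries for one pattern are not allowed
            raise ValueError(f"duplicate path-pattern: {pat}")
        if rest == ["inherit"]:
            rules[pat] = None
        elif len(rest) in (2, 4):          # uid and gid must be given together
            uid, gid = rest[2:] if len(rest) == 4 else ("-", "-")
            rules[pat] = (int(rest[0], 8), int(rest[1], 8), uid, gid)
        else:
            raise ValueError(f"bad rule: {raw!r}")
    return rules

def matches(pattern, path):
    # Assumption: a pattern covers a path when its components glob-match the
    # leading components of the path; "." covers everything.
    pp = [] if pattern == "." else pattern.split("/")
    sp = path.split("/")
    return len(sp) >= len(pp) and all(fnmatchcase(s, p) for s, p in zip(sp, pp))

def effective(path, overrides=""):
    """Return (pattern, file_mode, dir_mode, uid, gid) that applies to path."""
    rules = {**parse(DEFAULTS), **parse(overrides)}  # same pattern replaces built-in
    live = {p: r for p, r in rules.items() if r is not None}  # 'inherit' drops a rule
    best = max((p for p in live if matches(p, path)), key=len)
    return (best, *live[best])
```

For instance, `effective("keys/x/privkey", "keys 0640 0750 root exim")` shows that the example override from the comments makes private keys readable by the `exim` group.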