sftdyn | Self-hosted dyndns/dynamic DNS server and updater for bind | DNS library
kandi X-RAY | sftdyn Summary
kandi X-RAY | sftdyn Summary
This software was written after the free dyndns.org service was shut down. After a week or so of using plain nsupdate, we were annoyed enough to decide to write this. The main goal of this tool is to stay as minimal as possible; for example, we deliberately didn't implement a way to specify the hostname or IP that you want to update; just a simple secret update key is perfectly good for the intended purpose. If you feel like it, you can make the update key look like a more complex request; every character is allowed. Example: host=test.sft.mx,key=90bbd8698198ea76.
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
- Parse CLI options
- Return an argument parser
- Convert a string to IP address
- Setup logging
- Clamp a number to the given number
- Handle request
- Handle a nsupdate request
- Start listening for events
sftdyn Key Features
sftdyn Examples and Code Snippets
Community Discussions
Trending Discussions on sftdyn
QUESTION
Multiple daemon applications would like to access the same TLS certificates (or chain, or private) keys.
- NGINX wants to access /etc/letsencrypt/live/example.org/privkey.pem
- So does Apache.
- And BIND.
- And my favorite [sftdyn] Github package.
And they all run their daemon with different GID and group name.
My attempts at securing the private key in a safe manner, yet sharing it across different daemons (having their own GID) with the following various approaches (and some later nixed) are:
Set file permission to "blaze of glory"
chmod a+rwx
. This got nixed because it reveals the secret privkey.pem file to the entire filesystem.Create a new group
keys
and addnginx
,apache
,named
(orbind
), andsftdyn
group to thekeys
group in /etc/group (or usingadduser nginx keys
). Use newkeys
group on the PEM files. Then cap PEM files' permission withchmod 0640
.Use
setfacl
.
Which of 2 or 3 is best to address this thorny issue?
...ANSWER
Answered 2018-Aug-08 at 02:29System admin side of me believes strongly in "keep it simple" and says to do it via the "keys" group (or ssldaemons or whatever you want to name it - I think group names should describe the membership or purpose if possible) and regular old boring file system permissions.
On the other hand, if you are already using ACLs then using just another ACL rule or three would fit better into your work flow/policy/admin style.
If you aren't using ACLs already, then I wouldn't head down that road - no need to make things excessively complex. Unless of course you need an excuse to management to do it :)
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install sftdyn
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page