Hi,

I prefer to do all work as my regular user login, because this makes it easy for components (such as my shell) to integrate with the desktop. Currently it seems func out of the box requires uid 0 just to access the certificates stored in /etc/pki.

Proposed solution here is to use ACLs, since they're simple and don't require any changes to code.

    setfacl -d -R -m 'u:walters:rX' /etc/pki/func/
    setfacl -R -m 'u:walters:rX' /etc/pki/func

Other alternatives would be for the certmaster to have an interface to read certificates, and add say allowed_uids to the config file. This would in theory allow you to have certificates stored on one machine, and run func from another. Though I guess in that case you'd want some way to encrypt your certificates =)

Or maybe there's another solution. The problem isn't specific to func really, it's more just an instance of "How do I control access to the system PKI data?", and seeing as that seems to come down to the filesystem controls, it makes sense to use ACLs.

_______________________________________________
Func-list mailing list
Func-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/func-list
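A check for the ACL approach in the message above, added here as an example (it is not code from the post or from the func project): a file created later with mode 0600 inherits the default ACL entry but gets an empty mask, so the named user's entry grants nothing on it. The sketch parses `getfacl -R` output and lists the paths where the user has no effective read. Assumptions: the sample output is constructed and abridged, the two file names are made up, and the user is not the owner of the files.

```python
# Constructed, abridged sample of `getfacl -R /etc/pki/func` output after the two
# setfacl commands; the file names are made up. The .pem was created with mode 0600.
SAMPLE = """\
# file: etc/pki/func
user::rwx
user:walters:r-x
mask::r-x
default:user:walters:r-x
default:mask::r-x

# file: etc/pki/func/example-host.cert
user::rw-
user:walters:r-x  #effective:r--
mask::r--

# file: etc/pki/func/example-host.pem
user::rw-
user:walters:r-x  #effective:---
mask::---
"""

def effective_rights(getfacl_text, user):
    """Return {path: rights} from each path's named-user entry; None if no entry."""
    result = {}
    for block in getfacl_text.strip().split("\n\n"):
        path, entry, mask = None, None, "rwx"  # no mask line: nothing is masked
        for line in block.splitlines():
            if line.startswith("# file: "):
                path = line[8:]
            elif line and not line.startswith(("#", "default:")):
                # Access entry such as "user:walters:r-x  #effective:r--"
                tag, qualifier, perms = line.split("#")[0].strip().split(":")
                if tag == "user" and qualifier == user:
                    entry = perms
                elif tag == "mask":
                    mask = perms
        # A named-user entry is ANDed with the mask to give the effective rights.
        result[path] = entry and "".join(
            p if p == m else "-" for p, m in zip(entry, mask))
    return result

def unreadable(getfacl_text, user):
    """Paths where the named-user entry gives `user` no effective read."""
    rights = effective_rights(getfacl_text, user)
    return [p for p, r in rights.items() if not r or "r" not in r]

if __name__ == "__main__":
    for p in unreadable(SAMPLE, "walters"):
        print("no effective read:", p)
```

To check a real tree, pass the captured output of `getfacl -R /etc/pki/func` to `unreadable()` in place of `SAMPLE`.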