opendkim Permission Denied when loading the key - ubuntu-14.04

I have installed opendkim to my Ubuntu server 14.04.4 LTS. I have set into the postfix config to be used the opendkim previous created mail.private key.
When I try to send a mail I see the following messages into the /var/log/mai.log file
Jan 29 09:19:47 test postfix/smtpd[2427]: connect from ip6localhost[127.0.0.1]
Jan 29 09:19:47 test postfix/smtpd[2427]: 625E3E0FE7: client=ip6-localhost[127.0.0.1]
Jan 29 09:19:47 test postfix/cleanup[2431]: 625E3E0FE7: message-id=<890ba29cd6ef289c50581335723ccdb9[edited domain]>
Jan 29 09:19:47 test opendkim[1370]: can't load key from /etc/opendkim/keys/mail.private: Permission denied
Jan 29 09:19:47 test opendkim[1370]: 625E3E0FE7: error loading key 'mail._[edited domain]'
The key was stored into the folder /etc/opendkim/keys
root#test:/home/crewlog.com# ls -l /etc/opendkim
total 16
drw------- 2 opendkim opendkim 4096 Jan 29 07:49 keys
-rw-r----- 1 opendkim opendkim 891 Jan 29 07:48 mail.private
-rw------- 1 opendkim opendkim 67 Jan 29 08:01 KeyTable
-rw------- 1 opendkim opendkim 32 Jan 29 07:47 SigningTable
-rw------- 1 opendkim opendkim 81 Jan 29 07:19 TrustedHosts
I used the opendkim:opendkim user. Here is my /etc/opendkim.config file
AutoRestart Yes
AutoRestartRate 10/1h
Syslog yes
UMask 002
SyslogSuccess Yes
LogWhy Yes
Canonicalization relaxed/simple
PidFile /var/run/opendkim/opendkim.pid
SignatureAlgorithm rsa-sha256
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
UserID opendkim:opendkim
Mode sv
OversignHeaders From
Domain [edited domain]
KeyFile /etc/opendkim/keys/mail.private
Selector mail
SOCKET inet:8891#127.0.0.1
Any help will be welcomed as I don't know what I am doing wrong

You have the mail.private in the wrong directory, it's looking in the keys directory for mail.private.
Move mail.private into the keys directory and make sure opendkim has permission to read the file.

Related

PostgreSQL create extension mongo_fdw

I want to connect a PostgreSQL database with a MongoDB by using Mongo_fdw. After following this instruction to install mongo_fdw with the autogen.sh script on Ubuntu 22.04 LTS, I wanted to check the connection and ran CREATE EXTENSION mongo_fdw; in my database, but the following error occured:
ERROR: could not access file "$libdir/mongo_fdw": No such file or directory
Searchig for a solution I found this page on GitHub, where the same error is discussed. Following the recommendations there, I checked pg_config --version, pg_config --libdir and pg_config --sharedir with the following results:
$ pg_config --version
PostgreSQL 12.9
$ pg_config --libdir
/home/qgis/anaconda3/lib
$ pg_config --sharedir
/home/qgis/anaconda3/share
When I check /home/qgis/anaconda3/share/extension I get the following files:
drwxrwxr-x 2 qgis qgis 4096 Feb 1 10:58 ./
drwxrwxr-x 32 qgis qgis 4096 Jan 18 10:28 ../
-rw-r--r-- 1 root root 157 Feb 1 10:58 mongo_fdw--1.0--1.1.sql
-rw-r--r-- 1 root root 593 Feb 1 10:58 mongo_fdw--1.0.sql
-rw-r--r-- 1 root root 709 Feb 1 10:58 mongo_fdw--1.1.sql
-rw-r--r-- 1 root root 274 Feb 1 10:58 mongo_fdw.control
-rw-rw-r-- 2 qgis qgis 310 Jun 24 2022 plpgsql--1.0.sql
-rw-rw-r-- 2 qgis qgis 179 Jun 24 2022 plpgsql.control
-rw-rw-r-- 2 qgis qgis 370 Jun 24 2022 plpgsql--unpackaged--1.0.sql
I also ran ldconfig as it is recommended on the GitHub page but with no results.
Does someone has an idea how to solve this error?
Thanks in advance!
You have to specify the correct pg_config when building the software, probably
make PG_CONFIG=/usr/lib/postgresql/14/bin/pg_config
That file should exist if you installed the package with the C headers, which is typically called "devel" or "dev" or similar.

npm ERR! Load key "/opt/app-root/src/.ssh/id_rsa": bad permissions in OCP S2I build

I have node applications where some dependency git repos specified in package.json and deploying using S2I in OCP. To clone the repos I have mounted the sshkey as a secret into /opt/app-root/src/.ssh .. But the permissions are coming default 6 to group that is root. And failing with error npm ERR! Load key "/opt/app-root/src/.ssh/id_rsa": bad permissions. Couple of suggestions from different git links are 1. Use hostpath 2. Runas root 3. Set fsGroup. How can I apply any of these changes into buildConfig? What ever I set in deployConfig is not reflecting for build.
ls -lasL /opt/app-root/src/.ssh
total 20
0 drwxr-xr-x. 3 default root 92 Jan 20 17:35 .
0 drwxrwxr-x. 1 default root 18 Jan 20 17:35 ..
0 drwxr-xr-x. 2 default root 39 Jan 20 17:35 ..2023_01_20_17_35_25.328954621
0 drwxr-xr-x. 2 default root 39 Jan 20 17:35 ..data
4 -rw-------. 1 default root 2610 Jan 20 17:35 id_rsa
16 -rw-------. 1 default root 12403 Jan 20 17:35 known_hosts

Which certificate from Let's Encrypt does a website use for HTTPS?

I have a website that was set up to use https using a certificate from Let's Encrypt. I am trying to add that certificate to a keystore to use https with a dropwizzard API. The problem I am having is that there are multiple certificates.
My question is how can I figure out which of the certificates my website uses so that I could use that for the API as well?
In /etc/ssl/certs this is what shows up:
lrwxrwxrwx 1 root root 49 Nov 20 2017 ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
-rw-r--r-- 1 root root 885625 Apr 12 00:27 ca-bundle.crt.rpmnew
lrwxrwxrwx 1 root root 55 Nov 20 2017 ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
-rw-r--r-- 1 root root 1059673 Apr 12 00:27 ca-bundle.trust.crt.rpmnew
-rw------- 1 root root 1586 Dec 15 2017 localhost.crt
-rwxr-xr-x 1 root root 610 Aug 17 17:16 make-dummy-cert
-rw-r--r-- 1 root root 2516 Aug 17 17:16 Makefile
-rwxr-xr-x 1 root root 829 Aug 17 17:16 renew-dummy-cert
After looking more closely at the config files like Patrick had suggested I found the config file in /etc/httpd/conf.d/ssl.conf that had the path to where the certificate and private key were.
You can have a look at your vhost file to see the path to the physical ssl cert files being used by the website. The vhost is likely going to be at /etc/apache2/sites-available/ .

Where can I find the private key for my ca.crt file

i setup a kubernetes cluster on azure with the azure-container-service cli (az acs create). The cluster is up and running and it seems to work fine. Now I want to sign client certificates with my kubernetes CA which was created on installation. In my understanding i need the ca certificate (which is hand over to the kubernetes api server with --client-ca-file=) and the private key from this ca file to sign a new client certificate. The Problem is I can't find the private key for my CA file.
Where can i find the private key?
Can i sign client certs for my developer without this private key?
Is the setup process of azure-container-service broken when the private key is lost?
Are these the one that you are looking for??
azureuser#k8s-master-9XXXXX-0:~$ ls -la /etc/kubernetes/certs/
total 28
drwxr-xr-x 2 root root 4096 Mar 14 20:59 .
drwxr-xr-x 5 root root 4096 Mar 14 20:59 ..
-rw-r--r-- 1 root root 1600 Mar 14 20:58 apiserver.crt
-rw-r--r-- 1 root root 2048 Mar 14 20:59 apiserver.key
-rw-r--r-- 1 root root 1182 Mar 14 20:58 ca.crt
-rw-r--r-- 1 root root 1202 Mar 14 20:58 client.crt
-rw-r--r-- 1 root root 2048 Mar 14 20:59 client.key

svn permission issue - txn-current-lock: Permission denied

I setup svn on my local system /svn/repos/myproject by following this tutorial. I'm able to view the repo in browser.
But when it try to import new project I couldn't through svn client ( rapid svn ) it shows following error:
Execute: Import
Error while performing action:
Can't open file '/svn/repos/myproject/db/txn-current-lock': Permission denied
Svn directory permissions:
→ ls -l /svn
total 12
drwxrwxr-x 2 root root 4096 Feb 15 12:09 permissions
drwxrwxr-x 4 apache apache 4096 Feb 15 12:09 repos
drwxrwxr-x 2 root root 4096 Feb 15 12:09 users
Repo directory:
→ ls -l
total 8
drwxrwxr-x 3 root root 4096 Feb 15 12:09 conf
drwxrwxr-x 7 apache apache 4096 Feb 15 12:09 myproject
How to solve this issue?
I've given 777 permission to repos directory which solved this issue. But i got another issue like Couldn't perform atomic initialization.
I think this is due to incompatible sqlite version with subversion we're using, this can be solved by updating svnadmin command,
svnadmin create --pre-1.6-compatible --fs-type fsfs /svn/repos/myproject

Resources