I am setting up Mosquitto to run in a container. The certificates are stored in a somewhat secure location but to be even more secure I want the appropriate user/group/permissions set for the .key file.
Currently, the only thing I get to work is if I set read access for all. I guess it should be read access for whatever group the mosquitto (or docker) group is in?
What is the appropriate user, group and permissions for the .key file that the mosquitto (running in a docker container) needs access to?
CodePudding user response:
From the Dockerfile
addgroup -S -g 1883 mosquitto 2>/dev/null && \
adduser -S -u 1883 -D -H -h /var/empty -s /sbin/nologin -G mosquitto -g mosquitto mosquitto 2>/dev/null && \
We can see that the mosquitto user is created with the uid/gid of 1883/1883 respectively.
So files should be owned/readable by those ids.
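
A check for the ownership described in the answer above, as an added example that is not part of the original answer or the Mosquitto project. It assumes a Linux host with GNU or BusyBox stat and no user-namespace remapping (so the numeric uid/gid on the host is what the container sees); the helper name key_perms_ok is hypothetical.

```sh
#!/bin/sh
# Added example: audit a private key before bind-mounting it into the container.
# 1883/1883 are the uid/gid created by the Dockerfile lines quoted above.
MOSQ_UID=1883
MOSQ_GID=1883

# key_perms_ok FILE [UID] [GID]  (UID/GID default to 1883; hypothetical helper)
# Returns 0 only if FILE is owned by UID and its mode is 400/600, or 440/640
# with group GID. Anything accessible to "other" is rejected.
key_perms_ok() {
    file=$1
    want_uid=${2:-$MOSQ_UID}
    want_gid=${3:-$MOSQ_GID}
    [ -f "$file" ] || { echo "$file: not a regular file" >&2; return 2; }

    # stat -c is the GNU coreutils / BusyBox form (assumes a Linux host).
    uid=$(stat -c %u "$file")
    gid=$(stat -c %g "$file")
    mode=$(stat -c %a "$file")

    if [ "$uid" != "$want_uid" ]; then
        echo "$file: owner uid $uid, expected $want_uid" >&2
        return 1
    fi
    case $mode in
        400|600) return 0 ;;
        440|640)
            [ "$gid" = "$want_gid" ] && return 0
            echo "$file: group-readable by gid $gid, expected $want_gid" >&2
            return 1 ;;
        *)
            echo "$file: mode $mode not allowed, use 400 or 440" >&2
            return 1 ;;
    esac
}

# Usage: sh check_key.sh /path/to/server.key   (script name and path are placeholders)
if [ $# -gt 0 ]; then key_perms_ok "$1"; fi
```

On the host, set the ownership with the numeric ids (chown 1883:1883, then chmod 400), since the host does not need a mosquitto user of its own for a bind mount.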