On Debian, there’s a group named ssl-cert which grants access to TLS certificates and private keys, so that services that don’t run as the root user can still use TLS certificates. For example, the PostgreSQL Debian package installs PostgreSQL to run as a user named postgres, which is a member of the ssl-cert group, and so it can use certificates and private keys in /etc/ssl.
The certbot Let’s Encrypt client, by default, makes the certificates and private keys it installs only readable by the root user. Read More...
Dnsmasq can be configured to add various types of records like SRV, PTR, and NAPTR to its internal DNS server by various directives in its configuration file. But what if there’s a less common type of DNS record that you want to serve, which dnsmasq doesn’t have a specific configuration directive to handle?
Handily, dnsmasq also supports serving arbitrary DNS resource records using the dns-rr option. However you have to supply the binary value of the response encoded in hexadecimal. Read More...
