http://bugzilla.opensuse.org/show_bug.cgi?id=965037 Bug ID: 965037 Summary: unbount-anchor root key should be world-readable Classification: openSUSE Product: openSUSE Tumbleweed Version: 2015* Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: bjacke@samba.org QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- while testing gnutls with dane support I noticed an error due to unbound-anchor root key permission error. The DNSsec root key is only readable by user/group unbound. It should be readable by everybody. [1454547105] libunbound[11647:0] error: error opening file /var/lib/unbound/root.key: Permission denied [1454547105] libunbound[11647:0] error: error reading trust-anchor-file: /var/lib/unbound/root.key [1454547105] libunbound[11647:0] error: validator: error in trustanchors config [1454547105] libunbound[11647:0] error: validator: could not apply configuration settings. [1454547105] libunbound[11647:0] error: module init for module validator failed -- You are receiving this mail because: You are on the CC list for the bug.