keymgr import-KEY file needs to be readable by knot
I migrated some keys from another server and used
keymgr import-pem PEM_file [arguments...] to import the previous key. This constantly failed with the error message:
Error (operation not permitted)
strace I figured out that the PEM file needs to be readable by the user knot.
This was at first unexpected as I was running
keymgr as root.
I guess this problem applies to other import key commands such as
There is a hint to this problem in Knot DNS for BIND users which mentions the use of
sudo -u knot keymgr ....
Please make a notice in the
keymgr documentation that the to be imported key needs to be readable by the user knot. If not in the commands description (e.g. of
import-pem) then a hint in the Examples section of the
keymgr documentation would help as well.