
External Account Binding data in /etc/apache2/md/accounts/*/account.json is world-readable #393

@zibboehmert

Apache Module mod_md > MDExternalAccountBinding Directive says:

Since these values allow anyone to register under the same account, it is advisable to give the configuration file restricted permissions, e.g. root only.

But EAB data in /etc/apache2/md/accounts/*/account.json is world-readable!

It should be advisable to give these configuration files restricted permissions, too, but it looks like mod_md raises permission denied errors when doing so.

How can we fix owner/permissions of /etc/apache2/md/ to not be world-readable?
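
A way to audit the condition reported above, as an added example that is not part of the original issue or of mod_md: it lists `account.json` files under a store directory whose mode grants read to others, and notes whether the directory modes inside the store already block access. The function names, the `<store>/accounts/<id>/account.json` layout (taken from the path in the issue) and the plain text match on `"eab"` are assumptions.

```shell
#!/bin/sh
# Added example (not mod_md code): list account.json files in a mod_md store
# that grant read permission to "other".
# Assumptions: layout <store>/accounts/<id>/account.json as in the issue's
# path; EAB presence is detected by a plain text match on "eab".

# Succeeds when every directory from the file's parent up to the store root
# has the "other" search bit, i.e. the file mode alone decides access.
# Directories above the store root are not examined.
reachable_by_other() {
    dir=$(dirname "$1")
    while :; do
        [ -n "$(find "$dir" -prune -perm -001)" ] || return 1
        case $dir in "$2"|/|.) return 0 ;; esac
        dir=$(dirname "$dir")
    done
}

# Prints one line per finding: "<EAB|no-EAB> <exposed|dir-blocked> <path>".
# Returns 1 when at least one other-readable account.json exists, else 0.
audit_md_accounts() {
    store=${1%/}
    hits=$(find "$store/accounts" -type f -name account.json -perm -004 2>/dev/null | sort)
    [ -n "$hits" ] || return 0
    printf '%s\n' "$hits" | while IFS= read -r f; do
        if grep -qi '"eab"' "$f"; then tag=EAB; else tag=no-EAB; fi
        if reachable_by_other "$f" "$store"; then reach=exposed; else reach=dir-blocked; fi
        printf '%s %s %s\n' "$tag" "$reach" "$f"
    done
    return 1
}

# Usage: audit_md_accounts /etc/apache2/md
```

A `dir-blocked` line means the file mode is still permissive but a directory inside the store denies search to others; directories above the store root are outside what the script checks.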
