When I sshed into my server today, it said I had mail. I checked /var/mail/{myuser} and got a mail from caddy. The title was “SECURITY information for {hostname}”. The message was this.

caddy : user NOT in sudoers ; PWD=/ ; USER=root ; COMMAND=/usr/bin/tee /usr/local/share/ca-certificates/Caddy_Local_Authority_-_2025_ECC_Root_31435960950297150297199787413716908247066220.crt

I’m still learning this self-hosting thing, I know enough to set stuff up but I still know barely anything about security, and the message looks kinda scary, so I would like to know what it means, thanks in advance. Note that I was messing around with Caddy and stuff yesterday, so maybe that has something to do with it, but I’m not sure.

  • rtxn@lemmy.worldEnglish
    5·
    1 month ago

    I can’t believe it. The incident has actually been reported!

    I don’t use Caddy, but it seems like it tried to generate and write a TLS certificate into /usr/local, but didn’t have the necessary permissions. Basically it tried to use sudo tee ... to write a file. Is Caddy running in a container? If it is, you might need to create a volume at /usr/local/share/ca-certificates. If not in a container, you’ll need to grant the caddy user write permissions in that directory.

    But to answer your question directly, it’s not a cause for concern. You’re not getting hacked, it’s just a configuration error.