Extend script to change user permissions?

[poVoq]

Sorry for the strictly speaking off topic question, but how would I go about extending the script for cron to also change the unix file type permission?

I would like to automate the certificate extraction for my ejabberd XMPP server which runs as non-root user.

Or is there an easier way to do it? Thanks for the help :)

[koshatul]

Off the top of my head:

find out what user ejabberd runs as, I checked the ubuntu package and for xenial it was ejabberd.

Make sure the directory exists where you'll put the certificates (the blog post Securing ejabberd with TLS encryption says /etc/ssl/ejabberd, so run mkdir -p /etc/ssl/ejabberd and chown ejabberd:ejabberd /etc/ssl/ejabberd).

Change xmpp.domain.com as needed in the following.

traefik-acme --exit-code -a /config/acme.json -c /etc/ssl/ejabberd/xmpp.example.com.pem -k /etc/ssl/ejabberd/xmpp.example.com-key.pem xmpp.example.com
if [ $? == 99 ]; then
    chown ejabberd:ejabberd /etc/ssl/ejabberd/xmpp.example.com.pem
    chown ejabberd:ejabberd /etc/ssl/ejabberd/xmpp.example.com-key.pem
    systemctl reload ejabberd
fi

Put that somewhere and run that as a cron job.