When I SSHed into my server today, it said I had mail. I checked /var/mail/{myuser} and got a mail from caddy. The title was “SECURITY information for {hostname}”. The message was this:

caddy : user NOT in sudoers ; PWD=/ ; USER=root ; COMMAND=/usr/bin/tee /usr/local/share/ca-certificates/Caddy_Local_Authority_-_2025_ECC_Root_31435960950297150297199787413716908247066220.crt

I’m still learning this self-hosting thing. I know enough to set stuff up, but I still know barely anything about security, and the message looks kinda scary, so I would like to know what it means. Thanks in advance. Note that I was messing around with Caddy and stuff yesterday, so maybe that has something to do with it, but I’m not sure.

  • Tetsuo@jlai.lu · 6 days ago

    Yeah I think it’s just a false alarm.

    I would suggest looking into how sudoers works. It might just be that you asked caddy to do something that required root and forgot to sudo the command?

    Still, double check the timestamp and verify that it was when you tinkered. Use “history” to look for previous commands and maybe the timestamp?

    The way I see it, something (probably caddy) wanted to check a TLS certificate and had to concatenate all the certificate authorities to check if an adequate CA was there. And it failed to access what looks like a local CA that is autosigned? Still worth checking your CA has adequate / similar permission as the others.
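
An added example, not part of the thread and not Caddy's or sudo's own code: a small Python triage for sudo alert lines in the format quoted in the post. It parses the fields and flags denied `tee` writes into the trust-store directory named in the alert; the sample lines, the `expected_user` default and the verdict labels are constructed for illustration.

```python
import re
from pathlib import PurePosixPath

# Assumption: Debian/Ubuntu-style trust store, as the path in the alert suggests.
TRUST_DIRS = ("/usr/local/share/ca-certificates",)
ALERT_RE = re.compile(r"^\s*(?P<user>\S+) : (?P<reason>[^;]+?) ; (?P<fields>.*)$")

def parse_sudo_alert(line):
    """Split 'user : reason ; KEY=value ; ... ; COMMAND=...' into a dict."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    rec = {"user": m["user"], "reason": m["reason"].strip()}
    # COMMAND is the last field and may contain ' ; ' itself, so split it off first.
    head, sep, command = m["fields"].partition("COMMAND=")
    for part in head.split(" ; "):
        key, eq, value = part.strip().partition("=")
        if eq:
            rec[key] = value
    rec["COMMAND"] = command.strip() if sep else ""
    return rec

def triage(rec, expected_user="caddy"):
    """Label a parsed alert; the labels are hypothetical names for this example."""
    argv = rec["COMMAND"].split()
    denied = rec["reason"] == "user NOT in sudoers"
    writes_trust = (
        len(argv) >= 2
        and PurePosixPath(argv[0]).name == "tee"
        and any(PurePosixPath(a).parent.as_posix() in TRUST_DIRS for a in argv[1:])
    )
    if not denied:
        return "not-a-denial"
    if not writes_trust:
        return "denied-other-command"
    if rec["user"] == expected_user:
        return "denied-trust-store-write-by-service"
    return "denied-trust-store-write-by-unexpected-user"

# Constructed sample lines (not real logs); the .crt names are placeholders.
SAMPLES = [
    "caddy : user NOT in sudoers ; PWD=/ ; USER=root ; COMMAND=/usr/bin/tee /usr/local/share/ca-certificates/Example_Local_Authority.crt",
    "www-data : user NOT in sudoers ; PWD=/tmp ; USER=root ; COMMAND=/usr/bin/tee /usr/local/share/ca-certificates/x.crt",
    "alice : user NOT in sudoers ; TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(triage(parse_sudo_alert(line)), "<-", line)
```

A denial means sudo refused the command, so nothing was written; the verdict only tells you which alerts match the service account you expect and which deserve a closer look at the timestamp.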