httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joseph S D Yao <j...@tux.org>
Subject Re: [users@httpd] How to start Apache automatically with certificate?
Date Fri, 29 Aug 2008 05:39:06 GMT
On Thu, Aug 28, 2008 at 05:42:59PM -0400, Eric Covener wrote:
...
> root-owned private key sure sounds wiser to me.
...


Tell me three good reasons why.  Bad ones don't count.

There is nothing special about a file that is owned by root vs. another
UID.  There is a PROBLEM, that you must be root to do anything with that
file.

If 'httpd' is run as user "apache", as it should be on any
well-regulated system, then a file that is readable only by root will
not be usable by it.  It will be USELESS.


> There are lots of files you don't want to be owned, or modifiable, by
> non-root users.  This is a good thing.


By non-root USERS, yes, absolutely.  Who said anything about users?  I'm
talking about a SYSTEM account.

Again, there is ABSOLUTELY NOTHING SPECIAL about a file that is owned by
root, except that to do anything with it, you have to have super-user
powers, which YOU SHOULD NEVER DO!  They are DANGEROUS.


-- 
/*********************************************************************\
**
** Joe Yao				jsdy@tux.org - Joseph S. D. Yao
**
\*********************************************************************/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message