httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joseph S D Yao <j...@tux.org>
Subject Re: [users@httpd] How to start Apache automatically with certificate?
Date Fri, 29 Aug 2008 06:05:04 GMT
On Fri, Aug 29, 2008 at 01:39:06AM -0400, Joseph S D Yao wrote:
> On Thu, Aug 28, 2008 at 05:42:59PM -0400, Eric Covener wrote:
> ...
> > root-owned private key sure sounds wiser to me.
> ...
> 
> 
> Tell me three good reasons why.  Bad ones don't count.
> 
> There is nothing special about a file that is owned by root vs. another
> UID.  There is a PROBLEM, that you must be root to do anything with that
> file.
> 
> If 'httpd' is run as user "apache", as it should be on any
> well-regulated system, then a file that is readable only by root will
> not be usable by it.  It will be USELESS.


Even if 'httpd' is still running as root when reading the cert, and so
able to use it, it is still a bad idea to have it OWNED by root - you
still have to have super-user powers to maintain it.  Bad, bad, bad,
bad, bad.


-- 
/*********************************************************************\
**
** Joe Yao				jsdy@tux.org - Joseph S. D. Yao
**
\*********************************************************************/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message