httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joseph S D Yao <>
Subject Re: [users@httpd] How to start Apache automatically with certificate?
Date Fri, 29 Aug 2008 06:05:04 GMT
On Fri, Aug 29, 2008 at 01:39:06AM -0400, Joseph S D Yao wrote:
> On Thu, Aug 28, 2008 at 05:42:59PM -0400, Eric Covener wrote:
> ...
> > root-owned private key sure sounds wiser to me.
> ...
> Tell me three good reasons why.  Bad ones don't count.
> There is nothing special about a file that is owned by root vs. another
> UID.  There is a PROBLEM, that you must be root to do anything with that
> file.
> If 'httpd' is run as user "apache", as it should be on any
> well-regulated system, then a file that is readable only by root will
> not be usable by it.  It will be USELESS.

Even if 'httpd' is still running as root when reading the cert, and so
able to use it, it is still a bad idea to have it OWNED by root - you
still have to have super-user powers to maintain it.  Bad, bad, bad,
bad, bad.

** Joe Yao - Joseph S. D. Yao

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message