httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joseph S D Yao <>
Subject Re: [users@httpd] How to start Apache automatically with certificate?
Date Thu, 04 Sep 2008 16:49:36 GMT
On Thu, Sep 04, 2008 at 07:55:09AM +0200, Krist van Besien wrote:
> On Wed, Sep 3, 2008 at 18:12, Joseph S D Yao <> wrote:
> > Doing everything as root is just plain bad security.  Plan around it.
> That is why sudo is so convenient. I never meant that you would need
> to do everything as root, only that you needed to be able to do things
> as root. I almost never do a su - root, and use sudo almost whenever I
> need root powers.
> I keep my config files writable only by root, and use sudoedit to edit
> them. I use sudo apachectl to restart apache etc...

Sudo without "-u ..." is root.  Plan how to do without it.  Does it
matter whether you say:
	$ su
	# cd /
	# ls tmp/"temp files "*
	# rm -rf tmp/"temp files" *
	$ cd /
	$ ls tmp/"temp files "*
	$ sudo rm -rf tmp/"temp files" *
?  Either way, you're history.

Have your files owned by a system account and readable by the Web
server account, and 'su' or 'sudo' to that account to RCS control and
edit them.

Then again, this may be a level of effort too great for casual Web sites
that can be easily reconstructed by hand, and where it doesn't really
matter if it is off the Web for a while.  For such personal-use systems,
doing everything as "root" is fine, since the only one upset with you if
you make such a mistake, will be you.  ;-)

** Joe Yao - Joseph S. D. Yao

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message