httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joseph S D Yao <j...@tux.org>
Subject Re: [users@httpd] How to start Apache automatically with certificate?
Date Thu, 04 Sep 2008 20:51:47 GMT
On Thu, Sep 04, 2008 at 04:35:53PM -0400, Eric Covener wrote:
...
> That's not all you've been saying.
> 
> | You should be running your servers as some other user, say, "apache",
> | and so the uncloaked cert files should be stored as read-only by "apache".


I did note at one point that my original note had been dashed off
hastily, and that it had some flaws.  For this I apologize.

If you are running your Web server as the account "apache" then, as has
been pointed out, you should have your content files owned by, say
"wwwadmin" [to use the most recent suggestion].  The cert files can be
owned by the same account or, better, another one that is solely for the
certs rather than the Web content updaters, if this is a multi-person
show.


I did figure someone would point out that I'd said more words than those
in the last entry.  I really don't want to add any more to this topic.
If anyone else can stand up and say that THEY have admin'ed Unix, Linux,
BSD, etc. for over 35 years, and NEVER seen a mistake made worse because
the person making the mistake was su'ed or sudo'ed to root, then I will
applaud that person's good luck - SILENTLY.


-- 
/*********************************************************************\
**
** Joe Yao				jsdy@tux.org - Joseph S. D. Yao
**
\*********************************************************************/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message