Re: How to start Apache automatically with certificate?

Joseph S D Yao wrote:
On Thu, Aug 28, 2008 at 10:31:42AM -0300, Tan, Liao wrote:
Ok, I see I can simply remove the passphrase, and provided the new key is readable by root only, I should not have any security problems... Is it simply to remove it? Or any other settings, configurations, re-installation?

It should not be owned by root, because you should not be running your
server as root.  You should be running your servers as some other user,
say, "apache", and so the uncloaked cert files should be stored as
read-only by "apache".

Yes, and the server should be *started* as root, User/Group modified to
a limited access account (e.g. apache, or nobody), all system resources
initially created and owned by root (e.g. logs/, certs etc), and the
appropriate access control granted to the apache/nobody user (no write
access to logs/, no read access to keys).

There are logs that are dynamically created, give your apache user write
access to a logs/safe/ directory to put those into.  But the logs/ dir
should never be modifiable by the apache user.  Similarly the certs dir
should never be readable by the apache user.

If you start your server (e.g. launch it) from the 'apache' user account,
it's impossible to keep the running server from manipulating the logs/
directory etc., or accessing key files, etc.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
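
A small audit of the permission model described in the reply above, as an added example that is not part of the original message or of Apache's own tooling. The function names are hypothetical, the owner defaults to uid 0 (root), and the key check is stricter than the thread requires in that it rejects any group or other access.

```shell
#!/bin/sh
# Added example: audit the ownership model from the thread. Files are owned by
# the account that starts httpd (root, uid 0); the runtime account (e.g.
# "apache") is a different user and gets access only through group/other bits.

# Print numeric owner uid and octal mode (GNU stat first, then BSD stat).
owner_uid() { stat -c '%u' "$1" 2>/dev/null || stat -f '%u' "$1"; }
mode_of()   { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# check_key FILE [UID]: pass only if FILE is owned by UID and has no group or
# other permission bits, so the runtime account cannot read the private key.
# (Assumption: stricter than the thread, it rejects any group/other access.)
check_key() {
    [ "$(owner_uid "$1")" = "${2:-0}" ] || return 1
    [ $(( 0$(mode_of "$1") & 077 )) -eq 0 ]
}

# check_logdir DIR [UID]: pass only if DIR is owned by UID and is not
# group- or other-writable, so the runtime account cannot create, rename or
# delete entries directly in logs/.
check_logdir() {
    [ "$(owner_uid "$1")" = "${2:-0}" ] || return 1
    [ $(( 0$(mode_of "$1") & 022 )) -eq 0 ]
}

# audit KEYFILE LOGDIR [UID]: report both checks; return the failure count.
audit() {
    fails=0
    check_key "$1" "${3:-0}"    || { echo "FAIL key:  $1"; fails=$((fails + 1)); }
    check_logdir "$2" "${3:-0}" || { echo "FAIL logs: $2"; fails=$((fails + 1)); }
    [ "$fails" -eq 0 ] && echo "OK: $1 and $2 match the model"
    return "$fails"
}

# Run as: sh audit.sh KEYFILE LOGDIR   (paths are whatever your install uses)
if [ "$#" -ge 2 ]; then audit "$@"; fi
```

The checks read only owner and mode bits, so POSIX ACLs or group membership of the runtime account still need a separate look.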

