On Thu, Aug 28, 2008 at 05:42:59PM -0400, Eric Covener wrote: ... > root-owned private key sure sounds wiser to me. ... Tell me three good reasons why. Bad ones don't count. There is nothing special about a file that is owned by root vs. another UID. There is a PROBLEM, that you must be root to do anything with that file. If 'httpd' is run as user "apache", as it should be on any well-regulated system, then a file that is readable only by root will not be usable by it. It will be USELESS. > There are lots of files you don't want to be owned, or modifiable, by > non-root users. This is a good thing. By non-root USERS, yes, absolutely. Who said anything about users? I'm talking about a SYSTEM account. Again, there is ABSOLUTELY NOTHING SPECIAL about a file that is owned by root, except that to do anything with it, you have to have super-user powers, which YOU SHOULD NEVER DO! They are DANGEROUS. -- /*********************************************************************\ ** ** Joe Yao jsdy@xxxxxxx - Joseph S. D. Yao ** \*********************************************************************/ --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|