On Fri, Aug 29, 2008 at 01:39:06AM -0400, Joseph S D Yao wrote:
> On Thu, Aug 28, 2008 at 05:42:59PM -0400, Eric Covener wrote:
> ...
> > root-owned private key sure sounds wiser to me.
> ...
>
> Tell me three good reasons why.  Bad ones don't count.
>
> There is nothing special about a file that is owned by root vs. another
> UID.  There is a PROBLEM, that you must be root to do anything with that
> file.
>
> If 'httpd' is run as user "apache", as it should be on any
> well-regulated system, then a file that is readable only by root will
> not be usable by it.  It will be USELESS.

Even if 'httpd' is still running as root when reading the cert, and so
able to use it, it is still a bad idea to have it OWNED by root - you
still have to have super-user powers to maintain it.  Bad, bad, bad,
bad, bad.

--
/*********************************************************************\
**
** Joe Yao				jsdy@xxxxxxx - Joseph S. D. Yao
**
\*********************************************************************/
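
The thread turns on who can read the key file under each ownership and mode choice. The sketch below is an added example, not part of the original messages: it applies the POSIX owner/group/other read check to a key file for a given worker UID. The function names, the file name `server.key` and the worker UID are hypothetical, and the key file is a constructed placeholder.

```python
import os
import stat
import tempfile


def can_read(st, uid, gids):
    """POSIX read check: exactly one of owner/group/other applies to a uid."""
    if uid == 0:
        return True  # root bypasses mode bits (MAC layers such as SELinux aside)
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IRUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IRGRP)
    return bool(st.st_mode & stat.S_IROTH)


def assess_key_file(path, worker_uid, worker_gids):
    """Report ownership, mode and readability of a private key file."""
    st = os.stat(path)
    return {
        "owner_uid": st.st_uid,
        "mode": oct(stat.S_IMODE(st.st_mode)),
        "root_owned": st.st_uid == 0,
        "group_readable": bool(st.st_mode & stat.S_IRGRP),
        "world_readable": bool(st.st_mode & stat.S_IROTH),
        "worker_can_read": can_read(st, worker_uid, worker_gids),
    }


def demo():
    """Constructed sample: a placeholder key file checked at 0600 and at 0644."""
    with tempfile.TemporaryDirectory() as d:
        key = os.path.join(d, "server.key")  # hypothetical file name
        with open(key, "w") as f:
            f.write("constructed placeholder, not a real key\n")
        # Hypothetical worker uid: any uid that is neither the owner nor root.
        worker_uid = os.stat(key).st_uid + 1
        os.chmod(key, 0o600)
        locked = assess_key_file(key, worker_uid, set())
        os.chmod(key, 0o644)
        loose = assess_key_file(key, worker_uid, set())
        return locked, loose


if __name__ == "__main__":
    for report in demo():
        print(report)
```
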