On Thu, Sep 4, 2008 at 4:21 PM, Joseph S D Yao <jsdy@xxxxxxx> wrote: >> The refutation is that in order to bind to port 80, have access to keys, >> etc, httpd must start as root. If the conf files are owned by an "wwwadmin" >> role user, that's fine, it's one degree removed from root. ... > > > Which is all I've been saying. Thanks for finally agreeing. That's not all you've been saying. | You should be running your servers as some other user, say, "apache", | and so the uncloaked cert files should be stored as read-only by "apache". -- Eric Covener covener@xxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|