On 7/31/23 17:18, Nils Kattenbeck wrote:
Huh, I am actually surprised to discover that httpd does not watch these files itself.
To be honest, I never even considered the posibility that it might do that. Unfortunately, testing reveals that it doesn't do so.
Regardless, I think the systemd way to achieve this would be to use path units, though I gotta admit that I have not played with them myself yet: https://www.freedesktop.org/software/systemd/man/systemd.path.html <https://www.freedesktop.org/software/systemd/man/systemd.path.html>
I had honestly forgotten that those exist. Looks very promising.
Alternative you could likely write custom polkit policies which would allow your script to reload https without elevated privileges. Not sure if there is an easier way to do this.
That sounds painful! A path unit definitely sounds the the way to go any way, because I'd prefer not to give that level of permission to an unprivileged service. Thanks! -- ======================================================================== Google Where SkyNet meets Idiocracy ========================================================================
