
Mailing List Archive: Apache: Docs
DO NOT REPLY [Bug 53037] New: clarify mod_ssl documentation on the UID/GID context under which PKI related files are loaded and whether they are reloaded periodically
 



bugzilla at apache

Apr 5, 2012, 4:25 AM



https://issues.apache.org/bugzilla/show_bug.cgi?id=53037

Bug #: 53037
Summary: clarify mod_ssl documentation on the UID/GID context
under which PKI related files are loaded and whether
they are reloaded periodically
Product: Apache httpd-2
Version: 2.5-HEAD
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: Documentation
AssignedTo: docs [at] httpd
ReportedBy: calestyo [at] scientia
Classification: Unclassified


Hi.

This originates out of bug #52630...

May I suggest clarifying mod_ssl's documentation a bit:
As far as I understand, Apache starts as user root and after some
initialisation suids to some other user (e.g. www-data or so).

I must assume that mod_ssl already loads some of its files in the root-user
context, because all the host certificates/keys, i.e. the files specified by:
- SSLCertificateFile
- SSLCertificateKeyFile
- SSLCertificateChainFile
were then root owned (and root-only readable), too.

But apparently (which is why I had all the troubles above) this is different
for some/all of the files specified by:
- SSLCACertificateFile/Path
- SSLCADNRequestFile/Path
- SSLCARevocationFile/Path
and they are read as (e.g.) www-data.


So could you please add information to mod_ssl's documentation for ALL of the 9
directives mentioned above:
a) under which context the files are read (root or apache-user)
b) whether they are constantly re-read or not
This is not only important as the suid has already happened "later" but
also in general, as these files may change and people want to know whether they
have to restart the server for changes to get noticed.


Cheers,
Chris.
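
An audit sketch for the situation described in the report, added here and not part of the original message or of Apache's code: it lists the paths given to the nine directives in a configuration and reports, from Unix mode bits alone, whether a given unprivileged UID could read each one. The sample configuration, its paths and UID/GID 33 are constructed assumptions; it makes no claim about which user mod_ssl actually reads each file as.

```python
import os
import re
import stat

# The nine mod_ssl directives named in the report.
PKI_DIRECTIVES = (
    "SSLCertificateFile", "SSLCertificateKeyFile", "SSLCertificateChainFile",
    "SSLCACertificateFile", "SSLCACertificatePath",
    "SSLCADNRequestFile", "SSLCADNRequestPath",
    "SSLCARevocationFile", "SSLCARevocationPath",
)
_LINE = re.compile(r'^\s*(%s)\s+"?([^"\s]+)"?\s*$' % "|".join(PKI_DIRECTIVES), re.I)

# Constructed sample configuration; paths are placeholders.
SAMPLE_CONF = """\
SSLEngine on
SSLCertificateFile      /etc/ssl/example/host.crt
SSLCertificateKeyFile   /etc/ssl/example/host.key
  SSLCACertificatePath  "/etc/ssl/example/ca.d"
#SSLCARevocationFile    /etc/ssl/example/crl.pem
"""

def find_pki_paths(conf_text):
    """Return (directive, path) pairs; commented-out lines do not match."""
    hits = (_LINE.match(line) for line in conf_text.splitlines())
    return [(m.group(1), m.group(2)) for m in hits if m]

def readable_by(mode, owner_uid, owner_gid, uid, gids):
    """Unix mode-bit check only; ACLs and parent directories are ignored."""
    if uid == 0:
        return True
    need = 0o5 if stat.S_ISDIR(mode) else 0o4  # a directory needs r+x
    shift = 6 if uid == owner_uid else 3 if owner_gid in gids else 0
    return ((mode >> shift) & need) == need

def audit(conf_text, uid, gids):
    """Per path: True/False for readability by uid, None if it cannot be stat'ed."""
    report = []
    for directive, path in find_pki_paths(conf_text):
        try:
            st = os.stat(path)
            ok = readable_by(st.st_mode, st.st_uid, st.st_gid, uid, gids)
        except OSError:
            ok = None
        report.append((directive, path, ok))
    return report

if __name__ == "__main__":
    # UID/GID 33 is an assumed unprivileged server account.
    for directive, path, ok in audit(SAMPLE_CONF, 33, {33}):
        print(f"{directive:26} {path:32} readable as uid 33: {ok}")
```

A `False` next to a CA, CRL or DN-request path marks a file that would fail to load if it is opened after the privilege drop, which is the symptom the report describes.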

