You are viewing a plain text version of this content. The canonical link for it is here.

Posted to docs@httpd.apache.org by bu...@apache.org on 2012/04/05 13:25:31 UTC

DO NOT REPLY [Bug 53037] New: clarify mod_ssl documentation on the UID/GID context under which PKI related files are loaded and whether they are reloaded periodically

https://issues.apache.org/bugzilla/show_bug.cgi?id=53037

             Bug #: 53037
           Summary: clarify mod_ssl documentation on the UID/GID context
                    under which PKI related files are loaded and whether
                    they are reloaded periodically
           Product: Apache httpd-2
           Version: 2.5-HEAD
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Documentation
        AssignedTo: docs@httpd.apache.org
        ReportedBy: calestyo@scientia.net
    Classification: Unclassified


Hi.

This originates out of bug #52630...

May I suggest to clarify mod_ssl's documentation a bit:
As far as I understand,  Apache starts as user root and after some
initialisation suids to some other user (e.g. www-data or so).

I must assume, that mod_ssl already loads some of its files in the root-user
context, because all the host certificates/keys, i.e. the files specified by:
- SSLCertificateFile
- SSLCertificateKeyFile
- SSLCertificateChainFile
were then root owned (and root-only readable), too.

But apparently (which is why I had all the troubles above) this is different
for some/all of the files specified by:
- SSLCACertificateFile/Path
- SSLCADNRequestFile/Path
- SSLCARevocationFile/Path
and they are read as (e.g.) www-data.


So could you please add information to mod_ssl's documentation for ALL of the 9
directives mentioned above:
a) under which context the files are read (root or apache-user)
b) whether they are constantly re-read or not
This is not only important as the they suid has already happened "later" but
also in general, as these files may change and people want to know whether they
have to restart the server for changes to get noticed.


Cheers,
Chris.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org

DO NOT REPLY [Bug 53037] clarify mod_ssl documentation on the UID/GID context under which PKI related files are loaded and whether they are reloaded periodically

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=53037

Eric Covener <co...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|normal                      |enhancement

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org