On Tue, Mar 01, 2005 at 12:40:52PM +0100, Michael Bell wrote: > Date: Tue, 01 Mar 2005 12:40:52 +0100 > From: Michael Bell <[EMAIL PROTECTED]> > To: [email protected] > Reply-To: [email protected] > Subject: Re: [OpenCA-Devel] httpd-user vs openca-user > > Alexei Chetroi wrote: > > > Actually not. Current Debian packaging runs openca server with the > >same uid as web server, and I didn't like idea that web-server can > >access openca's data. Running them at different uids seems more > >appropiate to me. > > It looks like the configuration parameters does not make the way to the > daemon concept. Today it is not necessary to give the apache any rights > except from read on openca's files and directories. I think it is not > required to have any files with the httpd user and group. > > Perhaps we should rename the httpd parameters to --with-daemon-user and > group. This is perhaps the more correct way. We cannot change the names > for 0.9.2 - only the semantic. We can change the names only on CVS HEAD.
IMHO there's no necessity. Debian packaging configures openca with "--with-openca-user" and "--with-openca-group" set to uid/gid of apache. I thought there was a reason for that. Now I see that we can get rid of that and make only openca socket owned by apache uid. Thanks for information. Best wishes -- Alexei Chetroi Smile... Tomorrow will be worse. (c) Murphy's Law ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ OpenCA-Devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-devel
