Hello!

On Wed, Dec 05, 2012 at 12:05:02PM -0500, pokrface wrote:

> Hi all--
>
> This might be a silly question, so I apologize, but I would like to know the
> answer. When configuring Nginx to work with SSL/TLS, best practice appears
> to be to secure your site's private key by ensuring it's owned by root:root
> and that its permissions are set to 400. My question, though, is why does
> this work? The Nginx worker processes, running under their own context,
> can't access the file that way. Do they rely on the master process (running
> as root) to read the key for them?

Worker processes doesn't read keys, but use keys already in memory
(read by the master process during reading/parsing the
configuration file, and inherited via fork() syscall, much like
all other configuration data).

--
Maxim Dounin
http://nginx.com/support.html

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx