Welcome! Log In Create A New Profile

Advanced

Re: SSL key permissions - why does root work?

Maxim Dounin
December 06, 2012 05:24AM
Hello!

On Wed, Dec 05, 2012 at 12:05:02PM -0500, pokrface wrote:

> Hi all--
>
> This might be a silly question, so I apologize, but I would like to know the
> answer. When configuring Nginx to work with SSL/TLS, best practice appears
> to be to secure your site's private key by ensuring it's owned by root:root
> and that its permissions are set to 400. My question, though, is why does
> this work? The Nginx worker processes, running under their own context,
> can't access the file that way. Do they rely on the master process (running
> as root) to read the key for them?

Worker processes doesn't read keys, but use keys already in memory
(read by the master process during reading/parsing the
configuration file, and inherited via fork() syscall, much like
all other configuration data).

--
Maxim Dounin
http://nginx.com/support.html

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

SSL key permissions - why does root work?

pokrface December 05, 2012 12:05PM

Re: SSL key permissions - why does root work?

Maxim Dounin December 06, 2012 05:24AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 46
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready