SSL key permissions - why does root work?

Hi all–

This might be a silly question, so I apologize, but I would like to know
the
answer. When configuring Nginx to work with SSL/TLS, best practice
appears
to be to secure your site’s private key by ensuring it’s owned by
root:root
and that its permissions are set to 400. My question, though, is why
does
this work? The Nginx worker processes, running under their own context,
can’t access the file that way. Do they rely on the master process
(running
as root) to read the key for them?

Thanks!

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,233606,233606#msg-233606

Hello!

On Wed, Dec 05, 2012 at 12:05:02PM -0500, pokrface wrote:

Hi all–

This might be a silly question, so I apologize, but I would like to know the
answer. When configuring Nginx to work with SSL/TLS, best practice appears
to be to secure your site’s private key by ensuring it’s owned by root:root
and that its permissions are set to 400. My question, though, is why does
this work? The Nginx worker processes, running under their own context,
can’t access the file that way. Do they rely on the master process (running
as root) to read the key for them?

Worker processes doesn’t read keys, but use keys already in memory
(read by the master process during reading/parsing the
configuration file, and inherited via fork() syscall, much like
all other configuration data).


Maxim D.
http://nginx.com/support.html

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs