Note: This web site is only kept up to date for OSG Software 1.2 (VDT 2.0.0). If you are looking for information for the most recent release, the RPM-based OSG Software 3.0, please see the OSG documentation web site

Proposal for Changing Ownership

Problem

Iwona Sakrejda brought a problem to our attention. Some system administrators want to minimize the number of services running as the daemon user, mostly for security reasons. Specifically, she was asked to run Apache as a user other than daemon. However, the VDT as it stands today (2.0.0p8) makes this change difficult for two reasons:

Proposed Solution

For each service that requires access to the HTTP service certificate, have the service run as the same user that owns the certificate at configuration time.

Implementation Notes