First, some basic information about the server
Running the latest Ubuntu and nginx. Nginx is set up for virtual hosts. Users (100+ of them) are allowed to serve a website by placing their HTML at $HOME/site.domain.com/public/. If their site is security-sensitive, they can place an RSA key pair at $HOME/site.domain.com.pem and $HOME/site.domain.com.key, and this gets picked up by nginx and the HTML is served in HTTPS mode without certificate errors.
The problem: What permissions (chmod) should $HOME/site.domain.com.key have?
Here are the constraints
- Other Linux (non-root) users should not be able to "steal" .key files.
- Nginx runs as user www-data and group www-data, I believe. So nginx needs to be able to have read access to any user's .pem file when nginx is restarted with 'service nginx restart'.
- Root users (root and ubuntu) should have access to any file using sudo.
- To make user management easy, the users we added (not the ones that come with the Ubuntu install) all have their primary group set as "ourcompanygroup". I'm flexible on this.
References: link
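An added example, not part of the original post: a shell audit that lists every `*.key` file under the home directories that has any group or other permission bit set. Because all added users share the primary group "ourcompanygroup", a group-readable key is readable by every one of them. The `<root>/<user>/<site>.key` layout and the function names are assumptions, and the check relies on GNU `find` and `stat` as shipped with Ubuntu.

```shell
#!/bin/sh
# Added example (not from the original post): audit per-site TLS private keys.
# Assumed layout: <root>/<user>/<site>.key, e.g. /home/alice/site.domain.com.key

# List key files that anyone other than the owner can access.
# Output: "<octal mode> <owner>:<group> <path>", one finding per line.
insecure_keys() {
    root=$1
    # -perm /077 matches when ANY group or other bit is set (GNU find).
    # A mode such as 640 with group "ourcompanygroup" would expose the key
    # to every user who shares that primary group.
    find "$root" -mindepth 2 -maxdepth 2 -type f -name '*.key' -perm /077 \
        -exec stat -c '%a %U:%G %n' {} + | sort -k3
}

# Print the findings and return 1 if there are any, 0 if all keys are owner-only.
audit_keys() {
    findings=$(insecure_keys "$1")
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Stand-alone use: pass the directory that holds the home directories.
if [ "$#" -gt 0 ]; then
    audit_keys "$1"
fi
```

Run it as root, for example `sudo sh audit_keys.sh /home`, so that every home directory can be traversed.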