Hi guys,
until recently I thought my SSL config on my server was pretty good. I had a subdirectory in /etc/ssl/ where I put my SSL certificate, private key, DH-params and so on. These were secured with chown -R root:root and chmod -R 400.
However I now have a few applications which do not run / start as root, but run (each) as a completely unique user:
Prosody (XMPP Server), IRCD-Hybrid (IRC Server) and ZNC (IRC Bouncer).
All of these need access to the previously mentioned files, but I don't know how to grant them the permissions, while still storing my SSL files as secure as possible.
I'm running a Debian system.
How do/would you solve this problem?
[link][17 comments]