Date: Mon, 9 Sep 2019 18:10:26 -0700
From: Micheas Herman <m@micheas.net>
To: Victor Sudakov <vas@mpeks.tomsk.su>
Cc: freebsd-security@freebsd.org
Subject: Re: Let's Encrypt
Message-ID: <CAJw6ij=bHB-bZoxmgkqEYyxfR6ue8VB3AL_2kfh7hzChODY-4w@mail.gmail.com>
In-Reply-To: <20190910005231.GA23163@admin.sibptus.ru>
References: <20190908145835.GA67269@admin.sibptus.ru> <20190909090605.GA97856@admin.sibptus.ru> <alpine.BSF.2.21.99999.352.1909091206360.18927@enterprise.ximalas.info> <20190910005231.GA23163@admin.sibptus.ru>

You would ideally create a certbot user that has just the permissions it
needs.

It has a fairly decent security history. So it's probably not the worst to
run as root in a limited manner.

On Mon, Sep 9, 2019, 5:52 PM Victor Sudakov <vas@mpeks.tomsk.su> wrote:

> Trond Endrestøl wrote:
> >
> > #minute hour mday month wday who command
> >
> > 52 4 1 * * root certbot renew --quiet --pre-hook "service apache24 stop" --post-hook "service apache24 start"
> > 52 1 15 * * root certbot renew --quiet --pre-hook "service apache24 stop" --post-hook "service apache24 start"
>
> Is it safe to run certbot as root?
>
> --
> Victor Sudakov, VAS4-RIPE, VAS47-RIPN
> 2:5005/49@fidonet http://vas.tomsk.ru/
>
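
An added example, not part of the original message: a small audit that reads system-crontab-format lines (the format quoted above, with its "who" column) and reports which account each certbot job runs as and how many hook commands it carries, since hooks execute with the same privileges as certbot itself. The sample input is constructed from the two entries quoted in the thread plus a hypothetical entry for a dedicated `certbot` account; the function names are this example's own.

```shell
#!/bin/sh
# Audit system-crontab-format lines (minute hour mday month wday who command)
# and report certbot jobs by the account named in the "who" column.

# Constructed sample: the two entries quoted in the thread, plus a
# hypothetical entry that runs under a dedicated "certbot" account.
sample_crontab() {
cat <<'EOF'
#minute hour mday month wday who command
52 4 1 * * root certbot renew --quiet --pre-hook "service apache24 stop" --post-hook "service apache24 start"
52 1 15 * * root certbot renew --quiet --pre-hook "service apache24 stop" --post-hook "service apache24 start"
30 3 * * 1 certbot certbot renew --quiet
EOF
}

# Reads crontab text on stdin and prints one line per certbot job:
#   "<ROOT|OK> user=<who> hooks=<number of hook options>"
audit_certbot_cron() {
    awk '
        /^[ \t]*(#|$)/ { next }      # skip comments and blank lines
        NF < 7 { next }              # not a full system-crontab entry
        {
            who = $6
            cmd = ""
            for (i = 7; i <= NF; i++) cmd = cmd (i > 7 ? " " : "") $i
            # Only look at entries that invoke certbot (bare name or path).
            if (cmd !~ "(^|[/ ])certbot( |$)") next
            # Count hook options; each hook command inherits the job account.
            hooks = gsub(/--(pre|post|deploy)-hook/, "&", cmd)
            printf "%s user=%s hooks=%d\n", \
                (who == "root" ? "ROOT" : "OK"), who, hooks
        }
    '
}

# Number of certbot jobs on stdin that run as root.
count_root_jobs() {
    audit_certbot_cron | awk '/^ROOT/ { n++ } END { print n + 0 }'
}

sample_crontab | audit_certbot_cron
```

To check a real host, feed it the system crontab instead of the sample, for example `audit_certbot_cron < /etc/crontab`.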