Check filesystem permissions on NSS database at startup

See if the configured user has read access to the NSS database
during initialization so the server can gracefully shutdown
rather than ending up in a forking loop because the database is
owned by root and is therefore unreadable once Apache starts
forking.

Adds a new configuration option, NSSSkipPermissionCheck <on/off>,
to skip this check in case something goes wrong.

https://fedorahosted.org/mod_nss/ticket/3

1 files changed, 12 insertions, 0 deletions

diff --git a/docs/mod_nss.html b/docs/mod_nss.html
index c84f938..ec03a07 100644
--- a/docs/mod_nss.html
+++ b/docs/mod_nss.html
@@ -440,6 +440,18 @@ reads that many bytes, otherwise it reads until the program exits.<br>
 NSSRandomSeed startup /dev/urandom 512<br>
 NSSRandomSeed startup /usr/bin/makerandom</code><br>
 <br>
+<big><big>NSSSkipPermissionCheck</big></big><br>
+<br>
+The NSS database will be checked to ensure that the user configured
+to run Apache as has owner or group read access to the database
+configured in <code>NSSCertificateDatabase</code>. This check
+can be disabled by setting <code>NSSSkipPermissionCheck</code>
+to <code>on</code>. The default is <code>off</code><br>
+<br>
+<span style="font-weight: bold;">Example</span><br>
+<br>
+<code>NSSSkipPermissionCheck on</code><br>
+<br>
 <big><big>NSSEngine</big></big><br>
 <br>
 Enables or disables the SSL protocol. This is usually used within a