From 105d65bfedfa0e381dcebd197ef67aab799fc8b1 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Mon, 29 Feb 2016 22:33:23 -0500 Subject: Check filesystem permissions on NSS database at startup See if the configured user has read access to the NSS database during initialization so the server can gracefully shutdown rather than ending up in a forking loop because the database is owned by root and is therefore unreadable once Apache starts forking. Adds a new configuration option, NSSSkipPermissionCheck , to skip this check in case something goes wrong. https://fedorahosted.org/mod_nss/ticket/3 --- docs/mod_nss.html | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'docs') diff --git a/docs/mod_nss.html b/docs/mod_nss.html index c84f938..ec03a07 100644 --- a/docs/mod_nss.html +++ b/docs/mod_nss.html @@ -440,6 +440,18 @@ reads that many bytes, otherwise it reads until the program exits.
NSSRandomSeed startup /dev/urandom 512
NSSRandomSeed startup /usr/bin/makerandom

+NSSSkipPermissionCheck
+
+The NSS database will be checked to ensure that the user configured +to run Apache as has owner or group read access to the database +configured in NSSCertificateDatabase. This check +can be disabled by setting NSSSkipPermissionCheck +to on. The default is off
+
+Example
+
+NSSSkipPermissionCheck on
+
NSSEngine

Enables or disables the SSL protocol. This is usually used within a -- cgit
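Review bot: the added NSSSkipPermissionCheck paragraph never says what the server does when the check fails, so an administrator reading only docs/mod_nss.html cannot tell that a failed check stops startup. The commit message explains this (the server shuts down gracefully instead of entering a forking loop when the database is owned by root); that sentence belongs in the documentation as well. It should be paired with a recommendation to correct ownership or mode on the directory named in NSSCertificateDatabase rather than setting NSSSkipPermissionCheck to on, because skipping the check brings back the failure it was written to catch. The text also says only "owner or group read access", so please state whether a database readable solely through the other permission bits passes or fails. Two wording points in the same paragraph: "the user configured to run Apache as has owner or group read access" reads more clearly as "the user that Apache is configured to run as has owner or group read access", and "The default is off" is missing its closing period.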