SSL key permissions - why does root work?

pokrface nginx-forum at
Wed Dec 5 17:05:02 UTC 2012

Hi all--

This might be a silly question, so I apologize, but I would like to know the
answer. When configuring Nginx to work with SSL/TLS, best practice appears
to be to secure your site's private key by ensuring it's owned by root:root
and that its permissions are set to 400. My question, though, is why does
this work? The Nginx worker processes, running under their own context,
can't access the file that way. Do they rely on the master process (running
as root) to read the key for them?


Posted at Nginx Forum:,233606,233606#msg-233606

More information about the nginx mailing list