You would ideally create a certbot user that has just the permissions it needs.
It has a fairly decent security history. So it's probably not the worst to run as root in a limited manner. On Mon, Sep 9, 2019, 5:52 PM Victor Sudakov <v...@mpeks.tomsk.su> wrote: > Trond Endrestøl wrote: > > > > #minute hour mday month wday who command > > > > 52 4 1 * * root certbot renew --quiet > --pre-hook "service apache24 stop" --post-hook "service apache24 start" > > 52 1 15 * * root certbot renew --quiet > --pre-hook "service apache24 stop" --post-hook "service apache24 start" > > Is it safe to run certbot as root? > > -- > Victor Sudakov, VAS4-RIPE, VAS47-RIPN > 2:5005/49@fidonet http://vas.tomsk.ru/ > _______________________________________________ freebsd-security@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
