Since Haproxy starts as root but drops its workers to the haproxy user, I was wondering who needs to own the crt, crl-file and so on? does it need to be the haproxy user or can the subprocesses still get the content if the owner is root?
I’ve been reading the configuration manual entries on these specific arguments but it doesn’t seem to talk about these topics at all.
We are running on RHEL 7, master_worker mode and using user haproxy and group haproxy in the .cfg file.
Thank you for your help!