Forum OpenACS Development: Re: OpenACS 4.6 Install Doc Changes
You certainly should roll the server log as well as the access log, unless you want it to grow enormous and eventually fill up your disk. I'm not sure what you mean by "worry about". Rolling the log is very easy, you might as well do it. Use ns_logroll - see this thread, but basically, just do something like this:
ns_schedule_daily 00 00 ns_logroll
Using nsopenssl isn't that hard, so if I'd use it at least for logging into any OpenACS account with admin privileges. But it's up to you. How much security do you want? Plus if you don't have the general public using SSL, you might as well just save some money and use a self-signed cert.
You don't "need" to have an particular scheme for what unix user and group AOLserver runs as, you just have to come up with something that meets your needs. In the OpenACS world, I believe nsadmin/web is still the most common. I believe both AOLserver 3.3+ad13 and 3.4.x (don't know abou 3.5 and 4.0) still have a bug where non-default unix group memberships are not honored, but I don't remember the details - search the BBoard, it's all in here somewhere.
Preferably, if AOLserver runs as user nsadmin then nsadmin should not have write access to the AOLserver binaries or anything else it doesn't really need write access to, but most people don't worry about that. (And those people will be in worse shape if their AOLserver gets cracked.)