apache2 config files must not be owned by the apache user

apache2/recipes/default.rb

@@ -70,14 +70,14 @@
   cookbook_file "/usr/local/bin/apache2_module_conf_generate.pl" do
     source "apache2_module_conf_generate.pl"
     mode 0755
-    owner node[:apache][:user]
+    owner "root"
     group node[:apache][:group]
   end
 
   %w{sites-available sites-enabled mods-available mods-enabled}.each do |dir|
     directory "#{node[:apache][:dir]}/#{dir}" do
       mode 0755
-      owner node[:apache][:user]
+      owner "root"
       group node[:apache][:group]
       action :create
     end
@@ -97,7 +97,7 @@
     template "/usr/sbin/#{modscript}" do
       source "#{modscript}.erb"
       mode 0755
-      owner node[:apache][:user]
+      owner "root"
       group node[:apache][:group]
     end
   end
@@ -120,21 +120,21 @@
 directory "#{node[:apache][:dir]}/ssl" do
   action :create
   mode 0755
-  owner node[:apache][:user]
+  owner "root"
   group node[:apache][:group]
 end
 
 directory "#{node[:apache][:dir]}/conf.d" do
   action :create
   mode 0755
-  owner node[:apache][:user]
+  owner "root"
   group node[:apache][:group]
 end
 
 directory node[:apache][:cache_dir] do
   action :create
   mode 0755
-  owner node[:apache][:user]
+  owner "root"
   group node[:apache][:group]
 end
 
@@ -146,7 +146,7 @@
     path "#{node[:apache][:dir]}/apache2.conf"
   end
   source "apache2.conf.erb"
-  owner node[:apache][:user]
+  owner "root"
   group node[:apache][:group]
   mode 0644
   notifies :restart, resources(:service => "apache2")
@@ -155,7 +155,7 @@
 template "security" do
   path "#{node[:apache][:dir]}/conf.d/security"
   source "security.erb"
-  owner node[:apache][:user]
+  owner "root"
   group node[:apache][:group]
   mode 0644
   backup false
@@ -165,7 +165,7 @@
 template "charset" do
   path "#{node[:apache][:dir]}/conf.d/charset"
   source "charset.erb"
-  owner node[:apache][:user]
+  owner "root"
   group node[:apache][:group]
   mode 0644
   backup false
@@ -174,7 +174,7 @@
 
 template "#{node[:apache][:dir]}/ports.conf" do
   source "ports.conf.erb"
-  owner node[:apache][:user]
+  owner "root"
   group node[:apache][:group]
   variables :apache_listen_ports => node[:apache][:listen_ports].map{|p| p.to_i}.uniq
   mode 0644
@@ -183,7 +183,7 @@
 
 template "#{node[:apache][:dir]}/sites-available/default" do
   source "default-site.erb"
-  owner node[:apache][:user]
+  owner "root"
   group node[:apache][:group]
   mode 0644
   notifies :restart, resources(:service => "apache2")

apache2/recipes/mod_auth_openid.rb

@@ -79,13 +79,13 @@
 end
 
 file "#{node[:apache][:cache_dir]}/mod_auth_openid.db" do
-  owner node[:apache][:user]
+  owner "root"
   mode 0640
 end
 
 template "#{node[:apache][:dir]}/mods-available/authopenid.load" do
   source "mods/authopenid.load.erb"
-  owner node[:apache][:user]
+  owner "root"
   group node[:apache][:group]
   mode 0644
 end
@@ -96,7 +96,7 @@
 
 template "/usr/local/bin/mod_auth_openid.rb" do
   source "mod_auth_openid.rb.erb"
-  owner node[:apache][:user]
+  owner "root"
   group node[:apache][:user]
   mode 0750
 end