diff --git a/VM_OPENSSL_APACHE.sh b/VM_OPENSSL_APACHE.sh
index 2b7f864..651fdb9 100644
--- a/VM_OPENSSL_APACHE.sh
+++ b/VM_OPENSSL_APACHE.sh
@@ -45,8 +45,7 @@ systemctl enable --now httpd
 
 # acho ?????
 sudo chgrp apache /etc/shadow
-sudo chmod 440 /etc/shadow
-sudo chmod o+x /home/user
-sudo chmod 444 /home/user/.google_authenticator
-sudo chmod o+x /home/john
-sudo chmod 444 /home/john/.google_authenticator
+sudo chown apache /home/john/.google_authenticator
+sudo chmod 400 /home/john/.google_authenticator
+sudo chown apache /home/user/.google_authenticator
+sudo chmod 400 /home/user/.google_authenticator
diff --git a/conf/httpd-totp b/conf/httpd-totp
index 10fa5ab..f6fd386 100644
--- a/conf/httpd-totp
+++ b/conf/httpd-totp
@@ -1,3 +1,3 @@
-auth    required    pam_google_authenticator.so forward_pass
+auth    required    pam_google_authenticator.so forward_pass secret=/home/${USER}/.google_authenticator user=apache
 auth    required    pam_unix.so use_first_pass
 account required    pam_unix.so