diff --git a/VM_OPENSSL_APACHE.sh b/VM_OPENSSL_APACHE.sh
index 668faff..2b60fba 100644
--- a/VM_OPENSSL_APACHE.sh
+++ b/VM_OPENSSL_APACHE.sh
@@ -43,9 +43,11 @@ systemctl daemon-reload
 # serviço !!!
 systemctl enable --now httpd
-# mover totp para pasta do apache (SELinux bloqueia /home)
-sudo mkdir -p /etc/httpd/totp
-sudo cp /home/john/.google_authenticator /etc/httpd/totp/john 2>/dev/null || true
-sudo cp /home/user/.google_authenticator /etc/httpd/totp/user 2>/dev/null || true
-sudo chown -R apache:apache /etc/httpd/totp
-sudo chmod 400 /etc/httpd/totp/*
+# acho ?????
+sudo chgrp apache /etc/shadow
+sudo chmod o+x /home/john
+sudo chown apache /home/john/.google_authenticator
+sudo chmod 400 /home/john/.google_authenticator
+sudo chmod o+x /home/user
+sudo chown apache /home/user/.google_authenticator
+sudo chmod 400 /home/user/.google_authenticator
diff --git a/conf/httpd-totp b/conf/httpd-totp
index 26e24ae..f6fd386 100644
--- a/conf/httpd-totp
+++ b/conf/httpd-totp
@@ -1,3 +1,3 @@
-auth required pam_google_authenticator.so forward_pass secret=/etc/httpd/totp/${USER} user=apache
+auth required pam_google_authenticator.so forward_pass secret=/home/${USER}/.google_authenticator user=apache
 auth required pam_unix.so use_first_pass
 account required pam_unix.so
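Review bot: `sudo chgrp apache /etc/shadow` makes the web server's group the group owner of the password-hash file, so wherever that file is group-readable every process running as apache, including a compromised web application, can read all local hashes. The hunk does not show the file's mode, so whether the line even has the intended effect depends on the distribution default; I would drop it and let password checks go through a privileged helper rather than file ownership. The `chown apache` / `chmod 400` pairs also take each TOTP secret away from john and user, who can then no longer read their own file, and the comment removed here says SELinux blocks /home, which presumably still applies to httpd reading these paths. Replace `# acho ?????` with a comment that states the intent, e.g. `# httpd's PAM stack runs as apache (user=apache) and must read each user's TOTP secret`.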
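Review bot: With `secret=/home/${USER}/.google_authenticator user=apache` the module works as apache inside a home directory where the script in this commit only grants `o+x`, so it can read the secret but presumably cannot create files next to it. pam_google_authenticator rewrites the secret file when it has state to record (for example when `DISALLOW_REUSE` or `RATE_LIMIT` is set in the file), so on this layout those updates are likely to fail and replay protection with them; this should be tested before merging. The path also hard-codes `/home/<name>`; if the secret stays in the home directory, `secret=${HOME}/.google_authenticator` avoids that assumption, but a directory owned by apache outside /home, as the previous `/etc/httpd/totp/${USER}` was, fits `user=apache` better.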