Chris Adams wrote: > > For exmaple, if we create a root-owned .htaccess file, then site admins > > can't easily install their own. > > Since they own the directory (and have to, to create files), they can > remove any .htaccess file root creates.
I concede the point that if people are smart enough to know that there's an invisible .htaccess file owned by root in their upload directory they can delete it. Jeff -- Jeff Lasman <[EMAIL PROTECTED]> Linux and Cobalt/Sun/RaQ Consulting nobaloney.net P. O. Box 52672, Riverside, CA 92517 voice: (909) 778-9980 * fax: (702) 548-9484 _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
