> > > > > > Actually: Who owns a directory doesn't affect the file permissions and > > > file ownerships of anything within the directory. > > > > Actually, you are wrong. It does affect who can create and remove files > > in that directory. > > > Chris is correct, I know it doesn't seem logical, but the owner of a > directory > can delete files owned by root, regardles of permissions.... > It's the directory ownership that rules....
How about one of these options: (all of which require a little manual effort) * Link to a master .htaccess (hard or soft). Can the user delete a hard link that is owned by root? * Create a <Directory> statement in virtual site config specifying everything that you would have put into the .htaccess. I can't think of anything that can go into a .htaccess file that can't go into a <Directory></Directory> statement. * (I think someone mentioned this) isn't there an ext2fs attribute that prohibits deleting even by root? Matthew Nuzum www.bearfruit.org [EMAIL PROTECTED] _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
