Looking at the apache spec for 1.3.14-2mdk, it doesn't make sense to run httpd as the user apache and also have /var/www/* be owned by apache.apache This means if some one compromises the apache user, they can change the html/cgi-scripts on the filesystem. Apache is supposed to be run as a non privledged user. Cheers, Chris -- Chris Green <[EMAIL PROTECTED]> Let not the sands of time get in your lunch.
