Sels, Roger wrote: >The files in your /var/www should strictly speaking only be accessible to >your webserver ; for apache usually www-data or apache or httpd accounts >should have rwx permissions. > > You usually dont want to give the apache user write access to the site. When Apache is compromised, a remote attacker could change your website without having to escalate privileges first. Also, when Apache runs scripts as the apache user (e.g. CGI for a local user), that script would be able to rewrite your web site.
-- Dan -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
