2013/12/24 PaulNM <deb...@paulscrap.com> > > > On 12/24/2013 03:00 AM, Raffaele Morelli wrote: > > > > 2013/12/24 Reco <recovery...@gmail.com <mailto:recovery...@gmail.com>> > > > > Hi. > > > > On Tue, 24 Dec 2013 08:47:17 +0100 > > Raffaele Morelli <raffaele.more...@gmail.com > > <mailto:raffaele.more...@gmail.com>> wrote: > > > > > I think you should read man pages on shells and privileges first > > and what a > > > user can do. > > > > Can you elaborate please how exactly serving root-owned file with > > apache is a bad thing for security? > > > > > > php script is owned by root -> full system access > > No, php script *RUN* by root -> full system access > > php script run by www-data -> access to what www-data has access to. >
Yes, I missed this point. BTW, as I don't want to rewrite someone else system security rules, let's say that: MY best practice is to have www-data or any other NON-root user as the scripts owner. /r