>Hi Miguel > >Attached is log file. > >I have changed the user and group name in httpd.conf to scott. I have chown >scott:scott users templates. > >As scott is a member of the "root" group, I have allowed rwx on the group part >of the apache directories which were before I changed them:
This is definitely not a good idea. A compromise of the web server could now be system wide and fatal. The only member of the root group should be root. If you need more functions as a user, then I suggest giving specific permissions to that user or using the wheel group. Apache is generally run as the user/group apache:apache so the server daemon is not running suid root. We always have to aware of possible security holes, even where none exist. Perl/php could very well have such holes that are still unknown. -- Keith Mastin BeechTree Information Technology Services Inc. 137 Laird Drive Toronto M4G 3V5 http://www.beechtree.ca (416)696-6070 Fax(416)696-6072 [EMAIL PROTECTED] ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ------------------------------------------------------- (un)subscribe: http://lists.sourceforge.net/lists/listinfo/sql-ledger-users Archive: http://www.mail-archive.com/[email protected]/
