Hi, I need to know if its a good idea to run webserver as user 'apache', have all files in webroot owned by user apache and perms 644?
Would this still mean that if server runs as apache and it has read/write access, someone could take advantage of loop holes on the site and overwrite some files on our site? Can someone comment? Thanks, Mandy.
