This is what I do: chrooted Apache, PHP, MySQL. User directories are in /var/www/users; softlinked to HOME/public_html.
Problem: Running some php-mysql applications somewhere in /var/www/. These do work, but they need some config files containing mysql usernames and passwords for the databases. And these need at least xx4 permissions; xx0 will not permit those files to be read by apache / mysql / php. But once these have permissions of 'r' for world, the other local users can go and read those just as well; across their access to /var/www/users. Now I am looking for a pointer how to prevent that. I went through the archives and searched Google, but have no good idea on search terms in this case. TIA, Uwe
