On Wed, Sep 19, 2018 at 11:09:20AM -0700, Chris Bennett wrote: [...] > I still would like to know about httpd's owner:group and permissions on files > not served to the public.
I am not sure if somebody answered you offline, but my reasoning goes like this: 1. httpd runs and has said files writeable to itself (due to same owner:group) (if Perl is a no-no, how about PHP, a popular choice with problems of its own [judging from bug reports from time to time]) 2. someone finds a security hole 3. your scripts in Perl/PHP/C++ or whatever become overwritten by httpd 4. from now on the scripts will be not only doing what they were doing upto now, but also whatever additional code someone appended to them 5. ... something nasty HTH -- Regards, Tomasz Rola -- ** A C programmer asked whether computer had Buddha's nature. ** ** As the answer, master did "rm -rif" on the programmer's home ** ** directory. And then the C programmer became enlightened... ** ** ** ** Tomasz Rola mailto:tomasz_r...@bigfoot.com **
