On Fri, Apr 11, 2008 at 7:27 AM, <[EMAIL PROTECTED]> wrote: > Hi Mandy, > > > I need to know if its a good idea to run webserver as > > user 'apache', have all files in webroot owned by user > > apache and perms 644? > > It's not exactly a good idea, but if you are in a situation > where the advantage outweighs the problems, then go ahead. > > > Would this still mean that if server runs as apache > > and it has read/write access, someone could take > > advantage of loop holes on the site and overwrite > > some files on our site? > > Simply speaking yes. > > You may also want to look into the mod_suexec. > > regs, > > Christian Folini > Hi Christian,
could you point us to any discussion on this topic. I'm interested to know the pros and cons. Thanks Jonny
