Hi,

On 16.03.2013 00:33, Michael Herold wrote:
> Right now I don't see any reason why it is not sufficient that files
> created by www-data are readable by others than www-data per default.

Frankly I'd urge you to use another user for scripts. Do not let your server side scripting languages run as www-data, but let them run as their own user. If you have several virtual hosts that's required, otherwise a script vulnerability in one vhost causes security implications to the remaining hosts, because an attacker can access that data.

--
with kind regards,
Arno Töll
IRC: daemonkeeper on Freenode/OFTC
GnuPG Key-ID: 0x9D80F36D
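
The isolation argument in the message above, as an added example that is not part of the original e-mail: a small Python model of the Unix owner/group/other check that lists which files a script running for one vhost could read or write in another vhost. The vhost names, paths, UIDs and modes are constructed sample data, and directory permissions and ACLs are deliberately ignored.

```python
import stat
from collections import namedtuple

# Constructed inventory entry: owning vhost plus os.stat()-style fields.
Entry = namedtuple("Entry", "vhost path uid gid mode")

def can_access(e, uid, gids, want):
    """Unix check: owner bits if uid matches, else group bits, else other bits.
    `want` is stat.S_IROTH (read) or stat.S_IWOTH (write) as a 3-bit mask."""
    if uid == 0:
        return True
    if uid == e.uid:
        bits = (e.mode >> 6) & 7
    elif e.gid in gids:
        bits = (e.mode >> 3) & 7
    else:
        bits = e.mode & 7
    return (bits & want) == want

def cross_vhost_exposure(files, runners):
    """Return sorted (script_vhost, path, access) for each file of a *different*
    vhost that the script user can reach. runners: vhost -> (uid, set_of_gids)."""
    findings = []
    for vhost, (uid, gids) in runners.items():
        for e in files:
            if e.vhost == vhost:
                continue
            acc = "".join(flag for flag, mask in (("r", stat.S_IROTH), ("w", stat.S_IWOTH))
                          if can_access(e, uid, gids, mask))
            if acc:
                findings.append((vhost, e.path, acc))
    return sorted(findings)

# Constructed layout 1: every vhost's scripts run as www-data (uid/gid 33 assumed).
SHARED_FILES = [Entry("shop", "/srv/shop/config.php", 33, 33, 0o640),
                Entry("blog", "/srv/blog/config.php", 33, 33, 0o640)]
SHARED_RUNNERS = {"shop": (33, {33}), "blog": (33, {33})}

# Constructed layout 2: one user per vhost; the blog file was left world-readable.
SPLIT_FILES = [Entry("shop", "/srv/shop/config.php", 2001, 2001, 0o640),
               Entry("blog", "/srv/blog/config.php", 2002, 2002, 0o644)]
SPLIT_RUNNERS = {"shop": (2001, {2001}), "blog": (2002, {2002})}

if __name__ == "__main__":
    for name, files, runners in (("shared www-data", SHARED_FILES, SHARED_RUNNERS),
                                 ("per-vhost users", SPLIT_FILES, SPLIT_RUNNERS)):
        print(name, cross_vhost_exposure(files, runners))
```

With the shared user each vhost can read and write the other's file; with separate users only the file left at mode 0644 is still readable across vhosts.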