>now I realise that apache.apache is basically the same as nobody.nobody and >that means that the files are basically world writeable,, so its a bad idea >yes? Frank, (I'm sure someone will correct me if this is way off base) Actually, as "nobody:nobody" or apache:apache, you are better off. And no, that doesn't mean that the files are "world writeable". The only time such files will be "world writeable" is if you have write access for other enabled (or something like all permissions for everyone). The minimum permissions for a file are 644 (which gives the user read, write and execute, and everyone else read-only), for directories or cgi / perl scripts, the minimum permissions are 755. Michael -- Michael Viron Registered Linux User #81978 Senior Systems & Administration Consultant Web Spinners, University of West Florida