Anyone? On Thu, Apr 10, 2008 at 10:51 PM, Mandy Singh <[EMAIL PROTECTED]> wrote:
> Hi, > > I need to know if its a good idea to run webserver as user 'apache', have > all files in webroot owned by user apache and perms 644? > > Would this still mean that if server runs as apache and it has read/write > access, someone could take advantage of loop holes on the site and overwrite > some files on our site? > > Can someone comment? > > Thanks, > Mandy. >