It has nothing to do with being "free to do anything". This is about basic security, and the principle of least privileges.
On Fri, 19 Mar 2021 at 19:33, Tatsuki Makino <tatsuki_mak...@hotmail.com> wrote: > Frank Gingras wrote on 2021/03/19 21:36: > > This is an extremely bad idea. You should never write to the docroot from > > your application. Write outside the docroot instead, and use group write > > permissions. > > Isn't root the owner of docroot? > When the user of an application is the owner, he should be free to do > anything. > If you don't want users of the application to be free to do so, change the > owner/groups separately and don't give them permission. > If we don't understand that we can barricade ourselves in with just that, > we will need an extra security system. like SE****x. > >
