On Mon, 2006-06-19 at 23:06 -0700, Knute Johnson wrote: > I'm setting up my HTTP server and I'm not sure who should own my html > files. These are not user files but the files I keep in my document > root, /var/www/html. Currently they are owned by root:root. > Html files -- Does not matter who owns them, only who can read them. The server must be able to read them for the client. > What about cgi script files in /var/www/cgi-bin? I wouldn't think > you would want them owned by root? > Same as above, As long as they are not suid they can only do as much damage as the user _running_ the script/program (usually the user running the web server). If the script/program is suid then it can do as much damage as its _owner_ could do, whoever that may be. Ownership is not nearly as intrusive and dangerous as suid would be. > Thanks, > > -- > Knute Johnson > Molon Labe... > >