Tim wrote:
And for completeness' sake, you want to own your files, or root, but not
Apache (you don't want any exploits to be able to re-write files).
They should be world readable, directories world executable. Group
permisions aren't important, unless playing with the Apache xbit
hack.
Why would you not want apache to own the files? I have a server that is
in a sandbox which works fine when files are owned by apache. The
permissions are set to 644.
I cannot recall if I could edit a file and save it to the server when
apache owned the files or not.
Doesn't apache serve the files but the viewer of the file is requesting
the files with different permissions?
I'm not nearly sure what all the interaction is for a user and served
files from apache. I just went by how the server acts when I tried to
request documents and when I tried to edit and save files located on the
served content.
Now totally confused.
Jim
--
Excellent time to become a missing person.
