9 Aug
2011
9 Aug
'11
5:55 p.m.
On 08/09/11 6:33 AM, m.roth@5-cent.us wrote:
What I've done, where developers, for example, need to put updated pages in, is to have the directories owned by apache/httpd, but the*group* that they belong to, and make it group writeable.
you don't actually want apache/http to own ANY of the web content, it should all be read only from the webserver's perspective. this way if the web server gets hacked, it can't be used to upload hostile content.
--
john r pierce N 37, W 122
santa cruz ca mid-left coast