hi all, assume apache runs under apache user/group and i have a user/group name "weber". i use "weber" user to upload files via ftp/sftp. where should i place my include files so that no one can access except apache b/c these files contained user/pw for mysql. i usually place them in /var/www/html/includes, but people can access to this folder, so i'm thinking place them in /var/www/includes. what should the permission for /var/www/html and /var/www/inclues/? what group should these two directories belong to??? thanks, t. hiep