Stephen Nelson-Smith wrote: > I have a site running drupal. The apache user therefore needs to be > able to write certain files (CSS files for example). > > I also have a directory under my web root which is a SAN mount, to > which apache must be able to write. > > What is the most secure way to implement this? > > I am thinking: > > chown -R root:apache /var/www/html > chmod -R 0750 /var/www/html > chown apache:apache for where need to write Yes, use acl and selinux. -- Eero