Hey On Fri, Nov 27, 2009 at 10:46 AM, Stephen Nelson-Smith <stephen at atalanta-systems.com> wrote: > I have a site running drupal. The apache user therefore needs to be > able to write certain files (CSS files for example). > > I also have a directory under my web root which is a SAN mount, to > which apache must be able to write. > > What is the most secure way to implement this? > > I am thinking: > > chown -R root:apache /var/www/html > chmod -R 0750 /var/www/html > chown apache:apache for where need to write > > Is there a better way? This might be an idea http://www.faqs.org/docs/securing/chap29sec254.html and this http://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-acls.html of course disabling execution of files in your upload dir is really important. Cheers Didi -- My www page: www.ribalba.de Email / Jabber: ribalba at gmail.com Skype : ribalba