On 08/09/11 6:33 AM, m.roth at 5-cent.us wrote: > What I've done, where developers, for example, need to put updated pages > in, is to have the directories owned by apache/httpd, but the*group* that > they belong to, and make it group writeable. you don't actually want apache/http to own ANY of the web content, it should all be read only from the webserver's perspective. this way if the web server gets hacked, it can't be used to upload hostile content. -- john r pierce N 37, W 122 santa cruz ca mid-left coast