On Jan 5, 2012, at 11:13 PM, email builder wrote: > I don't mean to thread-hijack, but I'm curious, if apache runs as its > own non-root user and /etc/shadow is root-owned and 0400, then > how could any exploit of software not running as root ever have > access to that file?? To listen on the default port 80, httpd requires running as root. According to the Apache httpd site, the main httpd process continues running as root, with the child processes dropping privileges to the other user. See: http://httpd.apache.org/docs/2.1/invoking.html