Hi, I have a series of websites hosted on two CentOS 7 servers, using Apache virtual hosts. One of these servers is a "sandbox" machine, to test things and to fiddle around. On the sandbox server, I have a few dummy websites I'm hosting. # ls /var/www/html/ default phpinfo slackbox-mail slackbox-site unixbox-mail unixbox-site Since Apache is running as system user 'apache' and system group 'apache', I thought it sensible that hosted files be owned by that process. # ls -l /var/www/html/ total 24 drwxr-x---. 3 apache apache 4096 6 juil. 09:37 default drwxr-x---. 3 apache apache 4096 6 juil. 10:01 phpinfo drwxr-x---. 3 apache apache 4096 6 juil. 09:41 slackbox-mail drwxr-x---. 3 apache apache 4096 6 juil. 09:37 slackbox-site drwxr-x---. 3 apache apache 4096 6 juil. 09:42 unixbox-mail drwxr-x---. 3 apache apache 4096 6 juil. 09:38 unixbox-site Directories are all drwxr-x---, while files are -rw-r-----. Now some guy on the french forum fr.centos.org told me that I got everything wrong, and that my setup is a security flaw, without elaborating any further though. So I thought I'd ask on this list (which is a little bit more urbane than the french forum). 1. What is wrong with my setup ? 2. What do you suggest ? BTW, I don't mind to RTFM, even extensively. Cheers from the sunny South of France, Niki Kovacs -- Microlinux - Solutions informatiques durables 7, place de l'église - 30730 Montpezat Web : http://www.microlinux.fr Mail : info at microlinux.fr Tél. : 04 66 63 10 32