>Thanks, this worked. But is this the best way to do it, though? Is it possible to make the www folder traversible only by the apache user/group and not *all* users? The users on my box are trusted so >it's not a big deal but I'm just trying to understand best practices used for security. Run: ps -ef | grep httpd to find the user and group that your server runs as. What's mandatory is that the files under www be readable by the group that the web server is running as and the directory be both readable and executable (traversable). --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx