Le Mon, 23 Jun 2008 19:14:58 +0200, Arvid Ephraim Picciani <aep@xxxxxxxxxxxxxxx> a écrit : > On Monday 23 June 2008 19:10:30 Pierre Chapuis wrote: > > > [1] http://httpd.apache.org/docs/2.2/misc/security_tips.html#serverroot > > that link states exactly the oposit of what you where saing before. > no user owned files anywhere. all owned by root. In fact I really meant the page you get when you click on the word "User", which is http://httpd.apache.org/docs/2.2/mod/mpm_common.html#user. It reads: "It is recommended that you set up a new user and group specifically for running the server. Some admins use user nobody, but this is not always desirable, since the nobody user can have other uses on the system." and also: "Don't set User (or Group) to root unless you know exactly what you are doing, and what the dangers are."
