On Thu, 2004-10-07 at 13:11, Arjan van de Ven wrote: > while that is true it sure should be possible to have a policy that can > be used by default and doesn't change existing "this works" practice. > Even if that policy allows a bit more than you would want. Hmmm...well, what I heard one person say was "apache can read everything the customer can write" (and possibly worse, it may have been "apache can read or write or execute anything the customer can write"). You can certainly adjust the apache policy to fit that model, but I doubt you want it as the default. -- Stephen Smalley <sds@xxxxxxxxxxxxxx> National Security Agency
