On Mon, Jun 23, 2008 at 13:14, Arvid Ephraim Picciani wrote:
> that link states exactly the opposite of what you were saying before. no user owned files anywhere. all owned by root.

The link states that all the directories should be owned by root, not the files. Then if httpd is compromised, only the http owned files are compromised, not the whole directory. (notice they are talking about /, /usr/bin, etc... things that arch HAS set as owned by root)

The link states that apache's httpd process will drop to the User set in configuration to serve hits. To my understanding we're just making an http user for httpd to drop to.

But no, it's cool. Stay trolling. I'm totally more convinced of your point every time you reply.

// jeff

-- 
. : [ + carpe diem totus tuus + ] : .