File Permissions

[Jim Cornette]

Tim wrote:
> 
> And for completeness' sake, you want to own your files, or root, but not
> Apache (you don't want any exploits to be able to re-write files). 

> They should be world readable, directories world executable. Group
> permisions aren't important, unless playing with the Apache xbit 
> hack.

Why would you not want apache to own the files? I have a server that is 
in a sandbox which works fine when files are owned by apache. The 
permissions are set to 644.
I cannot recall if I could edit a file and save it to the server when 
apache owned the files or not.

Doesn't apache serve the files but the viewer of the file is requesting 
the files with different permissions?

I'm not nearly sure what all the interaction is for a user and served 
files from apache. I just went by how the server acts when I tried to 
request documents and when I tried to edit and save files located on the 
served content.

Now totally confused.
Jim

-- 
Excellent time to become a missing person.