<a href="http://drupal.org/node/244924">http://drupal.org/node/244924</a> -- is a very helpful resource for securing file permissions. <br><br><div class="gmail_quote">On Mon, Jan 9, 2012 at 10:45 PM, Jarry <span dir="ltr"><<a href="mailto:mr.jarry@gmail.com">mr.jarry@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="HOEnZb"><div class="h5">On 09-Jan-12 16:32, Dick Hoogendijk wrote:<br>
> If I install the FreeBSD port of drupal all my files are owned by the<br>
> user the webserver is running under (www). This way Drupal is very<br>
> capable of updating/installing new core and/or modules.<br>
><br>
> My question is: is it save(!) to have the files owned by the user under<br>
> which your Apache server executes?<br>
<br>
</div></div>You probably mean "safe"? Personally, the first thing I do<br>
after downloading and unpacking new module is<br>
$ sudo chown -R root:root <dir><br>
Of course, you'd need shell account, and even root-password.<br>
<br>
I do not give users higher access-rights than what they really<br>
need. And web-server does not need to be owner of these files<br>
(now talking about core and modules)...<br>
<br>
Jarry<br>
<span class="HOEnZb"><font color="#888888">--<br>
_______________________________________________________________<br>
This mailbox accepts e-mails only from selected mailing-lists!<br>
Everything else is considered to be spam and therefore deleted.<br>
--<br>
[ Drupal support list | <a href="http://lists.drupal.org/" target="_blank">http://lists.drupal.org/</a> ]<br>
</font></span></blockquote></div><br><br clear="all"><div><br></div>-- <br>Cheers,<div>Mukesh Agarwal</div><div>________________________________</div><div><font color="#999999"><a href="http://www.innoraft.com" target="_blank">Innoraft Solutions</a> || </font><span style="color:rgb(153,153,153)">+91 8017220799</span></div>
<br>