What is possible security draw-back of running entire php-based site (all scripts) owned by apache?
Is it easier for net-vermin to break into site’s directory - upload some unauthorised script, or edit existing, than it would be if dirs/files are owned by user?
Not really concerned with inability to access scripts through ftp client running as user (not a draw-back for me).
Assumed proper chmod:
Not much difference.
…Thank you Shrapnel_N5 …
Is there only one site, one user on the server?
VPS/VDS - one site only
This arrangement (scripts under apache ownership) are to avoid using suphp (or similar), which can be a hog on resources, yet allow user:
– to make changes (read, write, delete create files and directories) using interface (no need for ftp/tech knowledge)
– scripts to manipulate permissions, as needed
e.g.: upload file -> make img:directory writeable->move image to img:dir->change dir back to 755,
or allow script to make file writeable, write to file, change permissions to proper 644