Runnning php scripts under apache ownership: safe/unsafe

What is possible security draw-back of running entire php-based site (all scripts) owned by apache?

Is it easier for net-vermin to break into site’s directory - upload some unauthorised script, or edit existing, than it would be if dirs/files are owned by user?

Not really concerned with inability to access scripts through ftp client running as user (not a draw-back for me).
Assumed proper chmod:

  • all folders: 755
  • file: 644

Not much difference.

…Thank you Shrapnel_N5 …

Is there only one site, one user on the server?

VPS/VDS - one site only

This arrangement (scripts under apache ownership) are to avoid using suphp (or similar), which can be a hog on resources, yet allow user:
– to make changes (read, write, delete create files and directories) using interface (no need for ftp/tech knowledge)
– scripts to manipulate permissions, as needed
e.g.: upload file -> make img:directory writeable->move image to img:dir->change dir back to 755,
or allow script to make file writeable, write to file, change permissions to proper 644