On 12/24/2013 03:00 AM, Raffaele Morelli wrote:
>
> 2013/12/24 Reco <recoverym4n@gmail.com <mailto:recoverym4n@gmail.com>>
> <mailto:raffaele.morelli@gmail.com>> wrote:No, php script *RUN* by root -> full system access
>
> > I think you should read man pages on shells and privileges first
> and what a
> > user can do.
>
> Can you elaborate please how exactly serving root-owned file with
> apache is a bad thing for security?
>
>
> php script is owned by root -> full system access
php script run by www-data -> access to what www-data has access to.