Should cron.deny include www-data user per default? It would make it bit harder for people to exploit broken php scripts. Thanks, -- ++ytti