Re: [Jack-Devel] www.jackaudio.org defacement
> Date: Fri, 30 Dec 2011 17:24:26 -0500
> From: Paul Davis <[hidden]>
> To: John Rigg <[hidden]>
> Cc: [hidden]
>
> for now, i've switched the user that the website "runs as", but made a
> different user the owner of all the files that comprise the website
> itself. in theory this should prevent web-vectored attacks from
> modifying any files. dreamhost does things slightly oddly AFAICT: i
> think the httpd server itself runs as "nobody" but any CGI scripts are
> executed as a specified user.
I might be mistaken, but doesn't the cgi or fast-cgi flavor of
php.ini control what user runs CGI scripts?
HTH
Robert
1325285574.31816_0.ltw:2,a <20111230225243.1FE2826513 at one dot localnet>