Allegedly, on or about 09 September 2016, Alex sent:
The reason I was exploring other possibilities is because generally
speaking the apache user shouldn't have write privileges in the
document root. If there was ever an apache compromise leading to a
shell, it would put in jeopardy the entire website. I'd like to avoid
The barely improved solution is to not let it write to the document
root, but only to a sub-directory.
I would have thought, though, that the way to do this is to not allow
any writes to anything in the document root, but for your publishing
scripts to write to its own (separate) database, in a rigidly controlled
manner (by the authoring software), and for the webserver to read from
[tim@localhost ~]$ uname -rsvp
Linux 3.9.10-100.fc17.x86_64 #1 SMP Sun Jul 14 01:31:27 UTC 2013 x86_64
Boilerplate: All mail to my mailbox is automatically deleted, there is
no point trying to privately email me, I only get to see the messages
posted to the mailing list.
If you don't understand how e-mail threading works, then follow the
instructions given by those who do, and don't argue with them.