thanks pizdin, Ill give that a try. I was going to chown them to httpd:httpd, but root:httpd sounds much better.
macmanx,
i was afraid that would be the answer!
thanks for the reply. thats reassuring to know that!
but my question had to do more with local users actually logged into the server via telnet, ssh, or whatever… they could easily read the file. in my case, i have no such users (besides myself) but suppose some other service gets compromised and someone gains access as whatever user the daemon was running as, they could tool my dbase. of course, they could do other things that hit harder (root kit, etc), but i was just wondering if there was a way to lock this down a bit more, just out of curiosity.
thanks again
