I am running a linux server that is running apache, using virtual hosts. There are several user accounts on the machine - each with ftp access to their files. There is one flaw however - a user of the server can create a php file that will read the other user's files.
This is because the user "web" has read access to all of these - does anyone know how to configure this correctly, so that the php-scripts cannot access the other users' files?
Robert.
