Just noticed an issue where I have a user as an admin and files on their home path is 644 but I noticed that when I remove the admin rights to the ispc system for that site, all files belong to "apache" user now.
This opens the server up for writing now and any content can be changed if there is a vulnerable page whereas as the user they can't modify the files with the 644 permissions.
drwxrwxr-x 2 apache web7 4096 Jul 21 10:32 cgi-bin
drwxr-xr-x 3 apache web7 4096 Sep 5 09:58 log
drwxrwxrwx 2 apache web7 4096 Sep 12 12:13 phptmp
drwxr-xr-x 2 apache web7 4096 Jul 21 10:32 ssl
drwxr-xr-x 11 apache web7 4096 Sep 8 21:24 user
drwxrwxr-x 17 apache web7 4096 Sep 12 15:25 web
anyone notice this?