Greetings, I have a concern here. I followed instructions found on this forum on how to install suPHP. As far as I can tell, it works. I can view my sites, and I haven't been able to fully test it out. My concern however is that I still require permissions of 755 for my php scripts. This leaves mySQL db passwords readable, in turn compromising security to any legit users of the box or a low security user being cracked. I don't particularly enjoy this thought and would like to protect against it. I know it's not standard security. Now, I've stopped people from being able to read the directories. So unless you know its there, there's nothing you'd logically do. However, we're talking about public websites. I've got two domains on my box, demortes.hopto.org and tassault.servegame.com. tassault is under one user, and of course demortes.hopto.org is under a different user. Multiple people will be using tassault.servegame.com, and at this time all users I trust. You can obviously see, by visiting demortes.hopto.org, that it is a wordpress blog. So you know by default, the settings is located in the web root under wp-config.php. I can still "pwd" to get the present directory, assume the directory structure is the same for that user, and nano /var/www/web1/web/wp-config.php and see the mySQL DB user, databse and password. Once I have that, can do whatever I want to the mySQL DB. How do I prevent this in, if not in ISPConfig, then perhaps in my ubuntu 9.10 box. Any assistance and advice is greatly appreciated. Demortes P.S. I've read about jailing people into their home directories and whatnot, but this then blocks needed programs like make, nano, and even uptime from the enduser, which I have need for.