You should think of "nobody" as a complete stranger going through your environment. Think about what you want visible to an unknown/untrusted agent and what you want modifiable or removable by that agent. I wouldn't give "nobody" ownership or write access to a web script. If "nobody" happens to be the user name of the server process and it needs write access to something, make sure it is in a safe place.
Msg#: 3782495 posted 8:10 am on Nov 9, 2008 (gmt 0)
It's acceptable for files/directories to be owned by 'nobody' if the Web server needs to write to them, but it should be used sparingly. There could be a number of security holes that would allow users to read/write the files at will.
Msg#: 3782495 posted 1:48 pm on Nov 11, 2008 (gmt 0)
I think (I'm not a Linux expert) that the scripts should be owned by the user needing to run them. Thus, if your webserver is executing the script, the webserver user (apache, or whatever the user is on your system) should be the owner of the script and the directory that it needs access to. Then setting permissions to 755 on the directory should let the script do what it needs, but nobody else.
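
An added example, not part of any post in this thread: a shell check for what the posts above discuss, listing every path under a web root that the server account could modify, either because it owns the path with owner-write set or because the path is world-writable. The function names and the demo tree are constructed for illustration; the check reads mode bits only and does not evaluate group membership or ACLs.

```shell
#!/bin/sh
# audit_webroot <web_root> <server_user_or_uid>
# Prints, sorted, every path the server account can modify according to mode bits.
audit_webroot() {
    root=$1
    user=$2
    # Symlinks are skipped: their own mode bits are always rwxrwxrwx and
    # say nothing about the target.
    #   -user U -perm -0200 : owned by the server account and owner-writable
    #   -perm -0002         : world-writable, so any account can modify it
    find "$root" ! -type l \
        \( \( -user "$user" -perm -0200 \) -o -perm -0002 \) -print | sort
}

# Builds a small constructed tree (all names are made up) and prints its path.
build_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/uploads" "$d/cgi-bin"
    : > "$d/cgi-bin/form.cgi"; chmod 755 "$d/cgi-bin/form.cgi"  # owner-writable script
    : > "$d/index.html";       chmod 444 "$d/index.html"        # read-only content
    : > "$d/uploads/tmp.dat";  chmod 666 "$d/uploads/tmp.dat"   # world-writable file
    chmod 755 "$d/uploads"     # directory the owner can write into
    chmod 555 "$d/cgi-bin" "$d"  # directories nobody can write into
    echo "$d"
}

# Stand-alone use: ./audit.sh /path/to/webroot nobody
if [ "$#" -eq 2 ]; then
    audit_webroot "$1" "$2"
fi
```

Run against a real web root with the server's account name; a script or its directory appearing in the output means a compromised server process could rewrite it.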