Thanks a lot,
the problem was that I owned the httpd process. Although I didn't run it as
a root, it evidently had all permissions on all my files. As soon as I
changed the owner and the group the problem went away. I don't think I
encountered the same problem in an earlier version of Apache I used.
> One idea:
> Take a look at what user the httpd processes are being run as. If the
> root user is being used, then apache will have access to every file on
> your machine. This is not good.
> It's recommended that you use the user 'nobody' or 'http' instead of
> You can see how to change this and more general info at
> If httpd is not being run as root, see who is running it. Then check
> to see if these files you want to "protect" are also owned by that
> same person. That could also be a problem.
> > Hi,
> >I'm running Apache 1.3.3 on IRIX machine, and I can't prevent it from
> >reading the files I want to protect. Even after I take -r- permissions
> >from the files and -x- permissions from directories, Apache would
> >display these files in the browser. How is it possible?
> Christopher Schulte
> Replace usenet with chris to send mail.
> will *never* get to me. I hate spam!