----------------------------
1. re-written file:
- a. file name: abc.php
- b. file owner: admin
- c. file permissions: 644
- a. file name: online_interface.php
- b. file owner: apache (file created by apache server to allow future file manipulation by server)
- c. file permissions: 644
-----------------------------------
Task: human user re-writes abc.php content, using online_interface.php manager.
Explanation, to those asking "why would anyone allow that?": say, the file holds a periodic report, or it is a language-specific file and needs to be amended from time to time, etc.
How on-line interface works:
1. abc.php has its permission changed to 777
2. content of abc.php is replaced
3. abc.php permissions are changed to 644
Doubts
---------------
1. Is a file that has apache as its user more vulnerable to unauthorised access/change than one with the admin user?
2. Can an apache-owned file be compromised by an off-filesystem (located on a different website) equivalent of online_interface.php?
3. I assume that if someone succeeded in injecting some file-manager into the filesystem, he would be able to make whatever changes he desires, but that means that sftp credentials must have been compromised, right?
If there are some other "perils", please share your thoughts and experience.
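
Steps 1 to 3 above, done without the 777 window, as an added example that is not part of the original post: the new content goes into a private temporary file that is then renamed over abc.php. It assumes the server account can create files in the target's directory; the function name `replace_file_atomically` and the scratch paths are made up for illustration.

```php
<?php
// Added example. Assumption: the web-server user may create files in the
// directory that holds the target (the file itself need not be writable).
function replace_file_atomically(string $target, string $content, int $mode = 0644): void
{
    $dir = realpath(dirname($target));
    if ($dir === false) {
        throw new RuntimeException('target directory does not exist');
    }
    // tempnam() creates the file with mode 0600, so only the server account
    // can touch the new content while it is being written.
    $tmp = tempnam($dir, '.edit-');
    if ($tmp === false) {
        throw new RuntimeException('cannot create temporary file');
    }
    try {
        // tempnam() falls back to the system temp directory when $dir
        // is not writable; a rename from there might cross filesystems and
        // would no longer be atomic, so refuse it.
        if (realpath(dirname($tmp)) !== $dir) {
            throw new RuntimeException("$dir is not writable by this process");
        }
        if (file_put_contents($tmp, $content) !== strlen($content)) {
            throw new RuntimeException('short write to temporary file');
        }
        if (!chmod($tmp, $mode)) {
            throw new RuntimeException('chmod failed');
        }
        // rename() within one directory swaps the file in a single step:
        // readers see the old content or the new, never a 777 file.
        if (!rename($tmp, $target)) {
            throw new RuntimeException('rename failed');
        }
    } finally {
        // Still present only if a step above failed.
        if (file_exists($tmp)) {
            unlink($tmp);
        }
    }
}

// Demo on a constructed scratch directory (not a real web root).
$dir = sys_get_temp_dir() . '/perm-demo-' . bin2hex(random_bytes(4));
mkdir($dir, 0755);
file_put_contents("$dir/abc.php", "<?php // old report\n");
replace_file_atomically("$dir/abc.php", "<?php // new report\n");
printf("%s %o\n", trim(file_get_contents("$dir/abc.php")), fileperms("$dir/abc.php") & 0777);
```

The replaced file is a newly created one, so it ends up owned by the account PHP runs as rather than by its previous owner.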