Hi,
I have run the Security review modules reports and the recommendation was to correct the permissions for dozens of files and directories.
I didn't set up the site, but I went to change any permissions of the the web server to write to files inside the document root but what I found was that, for virtually all files and directories, the owner and the group set to be the *username* of the site.
I then did a ps aux | grep apache and saw that all instances of the web server on the multi-site host had the user:group of nobody:nobody.
Given this, can anybody suggest why Security Review is telling me why files like ./robots.txt and ./index.php both of which are set to *username*:*username* and have permissions of 644 need to be changed?
Thanks,
Geoff