By the way, nobody is used on MOST Apache servers, but not all. Nobody is typically used on ze Linux systems. Commonly-known fact: Apache is started as god-mode, before changing to nobody. The purpose of nobody, according to Ken Coar (proud developer of Apache from IBM), is not basically for file security, more of a centralised webserving because for all scripts to be accessed without using nobody, Apache would have to be installed on EVERY user for it to function, with different IPs to boot. :O The only time where security is at danger is when its identity is allowed to change -- therefore the need of a controlled environment, and this is where susexec comes in.