As we go through the book, we discuss security issues involved with giving people access to a low port on your machine, but we can’t go into all the details—that would result in an almost 600-page book Hacking Linux Exposed [Hatch+ 02].
Most of the following configuration directives are optional; you can do as you wish for your setup, but you should be aware of the choices you’re making. Remember, no decision is also a decision.
Make sure the user and group are set to:
User apache Group apache
The user and group could be apache or bozo or whatever. The important thing is that Apache doesn’t run as root, which, if Apache were cracked, could allow someone to crack your box from the root Apache ...