Why are files uploaded using FrontPage owned by the user 'nobody'?

Question:

Why are files uploaded using FrontPage owned by the user 'nobody'?

Answer:

This is due to the fact that Apache by default runs as the user 'nobody'.

Software:

Microsoft FrontPage

Detail:

As FrontPage connects to the server via Apache, the creation of any files use the same owner as that of Apache which is 'nobody'.  The reason Apache runs under this 'nobody' user is due to security.  When Apache first starts, the initial daemon runs as the user 'root' in order to be able to bind to ports 80 and 443 (which are used for http and https protocols respectively).  However, this is a potential security problem which could lead to someone running a command as root on your system.  To prevent this, the daemons which actually do all of the work run as the user 'nobody'.  As 'nobody' should have almost no access rights on the server, if someone ran a command through Apache it would be able to affect only a limited number of files, with none of them being the core files such as the password file.

Solution:

Once a site has been created using FrontPage, FrontPage should always be used to editing and updates.  It is not a good idea to switch back and forth between FrontPage and FTP.

However, if you must upload a file via FTP to a FrontPage site, then once the file has been placed in the site's htdocs directory the ownership must be altered to 'nobody'.  This is handled by connecting to the account through a shell and running the following command:

    chown nobody /path-to-file/file

Once the file is owned by 'nobody', FrontPage will be able to access it.