I have a question about file permissions for the owner of a file.
0400 permission means owner has read access. 0600 means, that the owner has read + write access.
But even if the file is set to 0400, the owner has always the possibility of changing the permissions, so the file is virtually writable by the owner all the time.
My question is, is there a way of preventing the owner of the file of chmod ?
The concrete use case is for the user www-data that runs apache. I want the web app files to be set at 0400, so they can't be edited by the app itself in case of a security breach.
Thank you
www-data
really have to own the files?