I know that. But he didn't say "apache", he said "the apache user". When Apache is running as root, it can open /etc/shadow. But then it's running a root, not as "the apache user".

Abigail