>>116
http://httpd.apache.org/docs/2.2/en/misc/security_tips.html

If the logs directory is writeable (by a non-root user), someone could replace a log file
with a symlink to some other system file, and then root might overwrite that file with arbitrary data.