Apache is configured to log to files within user home
It is a security risk to write to files as root when any part
of the path is not owned by root, as symlink attacks
can cause other files to be overwritten or appended to,
allowing unauthorised changes.
on a new clean install virtualmin creates the above
see also under problem.
drwxr-xr-x 2 testing testing 4096 Feb 24 17:16 .
drwxr-xr-x 6 testing testing 4096 Feb 24 17:16 ..
-rw-r--r-- 1 root root 0 Feb 24 17:16 access_log
-rw-r--r-- 1 root root 0 Feb 24 17:16 error_log
this is particulary quite worrying to me is this something
that can be changed.