[pmwiki-users] Uploaded files world readable!?
list_ob at gmx.net
Mon Jan 7 15:01:49 CST 2013
an update on this:
>upload.php uses "fixperms($filepath,0444);", therefore uploaded files
>get world read access, correct?
no, this assumption was not correct!
The hosting service sets the permissions of my home directory to
drwx---r-x and runs Apache in a different group than the hosting
My misunderstanding was that I thought the effective permissions are
the sum of applicable owner/group permissions and the "other"
But as far as I see, "other" permissions are only applied if owner and
group do _not_ match, so ORing the permissions with 0004 doesn't give
other customers access to my files.
I don't yet know how it works at the other hosting service where
Apache is in the same group as the customer accounts. Unless I missed
something, the solution with "other" rights for Apache seems smarter
Oliver Betz, Muenchen (oliverbetz.de)
More information about the pmwiki-users