[pmwiki-users] Uploaded files world readable!?

Oliver Betz list_ob at gmx.net
Mon Jan 7 15:01:49 CST 2013


an update on this:

>upload.php uses "fixperms($filepath,0444);", therefore uploaded files
>get world read access, correct?

no, this assumption was not correct!

The hosting service sets the permissions of my home directory to
drwx---r-x and runs Apache in a different group than the hosting
clients.

My misunderstanding was that I thought the effective permissions are
the sum of applicable owner/group permissions and the "other"
permissions.

But as far as I see, "other" permissions are only applied if owner and
group do _not_ match, so ORing the permissions with 0004 doesn't give
other customers access to my files.

I don't yet know how it works at the other hosting service where
Apache is in the same group as the customer accounts. Unless I missed
something, the solution with "other" rights for Apache seems smarter
to me.

Oliver
-- 
Oliver Betz, Muenchen (oliverbetz.de)




More information about the pmwiki-users mailing list