an update on this: >upload.php uses "fixperms($filepath,0444);", therefore uploaded files >get world read access, correct?
no, this assumption was not correct! The hosting service sets the permissions of my home directory to drwx---r-x and runs Apache in a different group than the hosting clients. My misunderstanding was that I thought the effective permissions are the sum of applicable owner/group permissions and the "other" permissions. But as far as I see, "other" permissions are only applied if owner and group do _not_ match, so ORing the permissions with 0004 doesn't give other customers access to my files. I don't yet know how it works at the other hosting service where Apache is in the same group as the customer accounts. Unless I missed something, the solution with "other" rights for Apache seems smarter to me. Oliver -- Oliver Betz, Muenchen (oliverbetz.de) _______________________________________________ pmwiki-users mailing list [email protected] http://www.pmichaud.com/mailman/listinfo/pmwiki-users
