On Nov 18, 2007, at 1:43 PM, Larry Garfield wrote:
It needs to be read/write/executable to whatever user apache runs as. Ideally that would mean putting apache and the owner of the files in the same group and then setting permissions to 0775 instead, but on most shared hosts you can't actually do that so you have to use 777.
Hmmm. This seems really ugly. I want to have a members-only section, where I can upload private files as attachments to stories. The nodeaccess module lets me restrict access to the story itself, but it looks like the file attachments would be wide open to any other customer of my web hosting service who can find the directory via the file manager (or shell access). Surely this is not good.
-- roy@panix.com