[Sussex] File Permissions and Uploading

[John Crowhurst]

> Does this affect the permissions you would give it?  It means that the
> directory has to be world readable, but not writable, it does however
> need to be writable for the user, hence the query if 755 is
> acceptable.

I tend to use 711 for a simple reason. If you have a website setup and the
user doesn't upload a default page (could be index.html), and someone
looks at the URL.

If the permissions are 755, that person can see every file in that
directory. With permissions set to 711, that person will get a 403
Forbidden.

Execute permissions allow files to be read from a directory, but the
filenames are not viewable, as the read permission is required for that
function. The webserver knows what the default page is called and simply
tries to open it.

--
John