On Tue, 2011-08-09 at 23:03 +0200, Leonard den Ottolander wrote: > Hello Craig, > > On Tue, 2011-08-09 at 08:44 -0700, Craig White wrote: > > I'm quite sure that if all the files are owned by the 'department_a' > > group and 'readable' by user apache as I have indicated, > > > - create mask 664 & directory mask 775 > > Perhaps I should have made explicit in my post that I wouldn't recommend > such file permissions. Apache accessing files with world permissions is > ugly and it makes it impossible to run f.e. php with safe_mode or have > apache write files other than by allowing the world write access. Which > is why I described that setup with a shared group. ---- please explain to me how the above octal permissions with user root & group department_a translate to giving apache write access or even world write access. For that matter, please explain how if any html directory served by apache (runs as user/group apache/apache)... user/group root/department_group files 0664 directories 1775 are in any way vulnerable to world write access or otherwise represent an insecure configuration because I want to learn. I think this is reasonably secure configuration. Craig