i have made a test security and i have found the fallowing :
we have the fallowing synoposis :
[[email protected] www]# ls -alh
drwxr-x— 6 usertest nobody 4.0K Apr 10 20:09 .
drwx–x--x 13 usertest usertest 4.0K Apr 7 02:16 …
-rw-r–r-- 1 usertest usertest 184 Apr 6 21:29 .htaccess
lrwxrwxrwx 1 usertest usertest 38 Apr 6 22:48 im1.txt ->
-rw-r–r-- 1 usertest usertest 3 May 3 2011 index.html
i can read the file of other user without any probleme !!!
normally it should verify the ownership of files before handel them .
NOTE , i use nginx as proxy of apache . when i use just apache a get a
403 error (this is a normal result) , with nginx i can read the file ,
becuase nginx hadler the static files + images
anyfix for this ?
Posted at Nginx Forum: