[MTOS-dev] Default umask
Toni Mueller
support at oeko.net
Mon Apr 21 03:54:20 PDT 2008
Hi Jay,
[ sorry to reply out-of-thread ]
I guess Dominic probably wanted to say that the files end up being
world-_writable_ (not only readable).
In any case, I venture to claim that webservers nowadays usually don't
run under the UID 'nobody', but under a special webserver account, like
e.g. 'www-data' on Debian, or 'www' on OpenBSD. For a restricted web
account like you say, it would probably be sufficient if the files
would be group-writable in case the user logs in to their FTP space
using some group other than that of the webserver. So, files would be
owned by the user (who needs to write them sometimes), and also be
writable by the webserver in order to effect e.g. re-writing
mt-config.cgi. But at least, the files would not be writable by anyone
who just happens to have some different kind of access to that machine
(another web app, shell, or whatever), and it would imho also be good
to highlight such issues in the installation docs, too.
Kind regards,
--Toni++
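
The permission layout discussed in this message, as an added shell example that is not part of the original mail or of the project's code: it shows the mode a newly created file gets under three umask values, then audits a tree for world-writable entries and removes only the world-write bit. The function names, the umask values and the temporary paths are constructed for illustration, and group ownership is assumed to be set to the webserver's group already.

```shell
#!/bin/sh
# Added example (not from the original mail). Function names are hypothetical.

# Print the permission string a new file receives under umask $1.
# Runs in a subshell so the caller's umask is left untouched.
mode_under_umask() (
    umask "$1"
    d=$(mktemp -d) || exit 1
    : > "$d/mt-config.cgi"               # file name taken from the mail
    ls -l "$d/mt-config.cgi" | cut -c1-10
    rm -rf "$d"
)

# List files and directories below $1 that are writable by "other",
# i.e. by any local account, another web app or a shell user.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Remove only the world-write bit; owner and group write bits stay, so the
# owning user and the webserver's group can still rewrite the files.
drop_world_write() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec chmod o-w {} +
}

# Demo: 000 yields world-writable files, 002 group-writable, 022 owner-only.
for m in 000 002 022; do
    printf 'umask %s -> %s\n' "$m" "$(mode_under_umask "$m")"
done
```

Running `world_writable` against the installation directory before and after `drop_world_write` shows which files were exposed to every local account.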