The danger of directories permissive

view full story

http://stackoverflow.com – I've developed a web application that lets the users to upload images and transform them to later download them again transformed. I obviously had to give apache user permissions to the folder where users can upload: $ chown root:www-data uploadFolder $ chmod 1775 uploadFolder This, gives apache group all permissions, except removing (this is done by the one before 775). The application creates a folder for each session inside the uploadFolder with 0700 permissions, and saves the user's images inside. A crontab job is executing a script every 20 minutes, that checks which sessions are act (HowTos)