Quote from: rthrash at Mar 13, 2006, 02:31 PM
Plesk servers, which are very common on shared server enviroments, run sites as the FTP user, not as the apache user. In order for the cache file to work, the files have to be 777. :/
Same with CPanel. The files are all owned by the user, but scripts are run as the Apache user. This makes it awkward when dealing with a file uploading script, since it must be able to write to the folder which is owned by the user. The files the script uploads (images, whatever) are thus owned by the Apache user, and can be troublesome for the user to deal with. And any files that a script needs to write to must also be world-writable so the Apache user can write to them. This makes it possible for anybody with access to the server (and these servers can be hosting as many as 500 different websites) to hack into your webspace and fiddle with your world-writable files and folders.
Bottom line? If your site is of any serious importance, first of all don’t use a shared hosting environment. Get at least a semi-dedicated server. Secondly, make sure your hosting is done with a php-suexec filter that lets the scripts run as your user, not as the Apache user. In fact, I’m not doing anything important, but this summer when my current hosting contract is finished, I’m moving to a hosting company that proveds PHP 5 as well as suexec, even if I end up paying a bit more (unfortunately I can’t afford a dedicated or even semi-dedicated server). The company where I am, although otherwise I have had no complaints with their service, will not even discuss either issue. So they lose my business, my partner’s business, and that of anybody I deal with who finds this to be of concern.