There is a security issue between Unix system and Apache web server.
We have many users in our Unix system, i.e. user1, user2 with home directory
An apache server (running as 'nobody') provides user directories, i.e.
[url]http://mydomain.com/~user1[/url] and [url]http://mydomain.com/~user2[/url]
user1 has a php file under /home/user1/public_html/secret.php with
permission (+acl), i.e. [url]http://mydomain.com/~user1/secret.php[/url]
# file: secret.php
# owner: cstest
# group: misc
With the acl control, only 'nobody' (i.e. the web server ) have permission
to read this file.
NO other users can logon the workstation, 'cd' to the directory and see the