First of all, Linux does have ACLs – POSIX ACLs, which allow setting the permission bits for any number of users and groups. (Patches for RichACL, ACLs very similar to NFSv4 and WinNT, have been submitted repeatedly, but not merged yet.)
Ownership can be used as a sort of safety escape – the owner can always change the object's ACLs, even if the change would be denied otherwise, for example, if someone accidentally removed all ACL entries or denied all changes to everyone. (On Linux only the owner or superuser can change a file's ACLs, since there is no separate "change ACLs" permission.)
Another use of file ownership, on both Windows NT and Linux, is for determining whose quota the file should be counted on, if disk quotas are in use.
Let's specify some keywords first.
FTPUSER = you with your ftp client
WWWDAEMON = program (servers) that's responsible for processing your web pages and scripts
WWWUSER = user as which the WWWDAEMON processes your pages
BROWSER = Someone looking at your website with a browser
FILES = files that reside in your www/ftp site
yourgroup = group that your FTPUSER belongs to and WWWUSER does not
You access your FILES as FTPUSER with an FTP program
-rwxr-xr-x 2 FTPUSER yourgroup 72 2012-01-18 13:56 somescript.php
Now, because the WWWDAEMON user WWWUSER is not you (FTPUSER), it respects OTHER permissions when it tries to read your script. (There are hosting sites that run your scripts as your FTPUSER.)
Removing the other read and exec permission will block use of somescript.php
# this script is unusable through a browser
-rwxr-x--- 2 FTPUSER yourgroup 72 2012-01-18 13:56 somescript.php
Creating a directory with world writeable permissions will allow your script to write there, but unless you protect that directory somehow (like with .htaccess or put it outside your www dir) it might also mean that the BROWSER can access those files directly, because:
BROWSER contacts WWWDAEMON which runs as WWWUSER so
BROWSER can see everything processed by WWWDAEMON that the WWWUSER can.
Processed also means that WWWDAEMON also respects .htaccess or similar to block access.
The advice is to create, say, phpwritedir and give it a+rwx rights. Add a .htaccess file there (if your hosting service allows it):
deny from all
With this, your script run as WWWUSER can still use that directory, but WWWDAEMON will block any BROWSER access to it.
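A check for the setup described above, as an added example that is not part of the original answer: it lists world-writable directories under a web root that have no deny-all .htaccess in themselves or in a parent directory inside the root. The function names, the sample directory names other than phpwritedir, and the `Require all denied` (Apache 2.4) alternative are assumptions not found in the answer.

```shell
#!/bin/sh
# Added example, not from the original answer. Assumes Apache honours
# .htaccess files under the web root (AllowOverride permits it).

# True if DIR/.htaccess has an uncommented deny-all rule: "deny from all"
# as in the answer, or the Apache 2.4 form "Require all denied".
has_deny_all() {
    [ -f "$1/.htaccess" ] || return 1
    grep -v '^[[:space:]]*#' "$1/.htaccess" | grep -Eiq \
        '^[[:space:]]*(deny[[:space:]]+from[[:space:]]+all|require[[:space:]]+all[[:space:]]+denied)[[:space:]]*$'
}

# Print every world-writable directory under web root $1 that is not
# covered by a deny-all .htaccess in itself or a parent inside the root.
find_exposed_dirs() {
    root=${1%/}
    [ -n "$root" ] || root=/
    find "$root" -type d -perm -0002 | sort | while IFS= read -r dir; do
        d=$dir
        covered=no
        while :; do
            if has_deny_all "$d"; then covered=yes; break; fi
            if [ "$d" = "$root" ]; then break; fi
            d=$(dirname "$d")
        done
        if [ "$covered" = no ]; then printf '%s\n' "$dir"; fi
    done
}

# Constructed sample tree (hypothetical names apart from phpwritedir).
build_sample() {
    mkdir -p "$1/phpwritedir" "$1/uploads/cache" "$1/private/tmp" "$1/static"
    chmod a+rwx "$1/phpwritedir" "$1/uploads/cache" "$1/private/tmp"
    chmod 755 "$1/static" "$1/uploads" "$1/private"
    printf 'deny from all\n' > "$1/phpwritedir/.htaccess"
    printf '# deny from all\n' > "$1/uploads/cache/.htaccess"  # commented out
    printf 'Require all denied\n' > "$1/private/.htaccess"     # covers tmp
}

# Run with --demo to build the constructed tree and list exposed directories.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d) && build_sample "$tmp" && find_exposed_dirs "$tmp"
    rm -rf "$tmp"
fi
```

On the constructed tree only uploads/cache is reported: its .htaccess rule is commented out, while private/tmp is covered by the rule in its parent directory.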
Best Answer
The first dash (-) indicates that the file is a regular file.