Hello! Let's assume the following file permissions:
drwxr-xr-x root root /srv drwxr-x--- root srv-www /srv/www drwxrws--x root dev-1 /srv/www/dom-1 -rw-rw-r-- usr-1 dev-1 /srv/www/dom-1/index.php While the html subfolder perms allow write access only to root and users within dev-1, index.php would be world-readable, but "indirectly" filtered by the perms of www, which denies access to anyone that is not a group member of srv-www. (of course, any member of dev-1 must be a member of srv-www, too) The idea is to distinct between one user (file-owner), one group with write access (e.g. developer) and one group with limited read access (webserver), and to deny access to anyone else at the same time, using standard unix access rights. Are there any security implications? By now, I only came across that remounting the file structure would break the permissions in effect. But (re)mounting shall be allowed by root only. /andy