I am on a HostGator "Basic" Dedicated linux server.
A current project calls for an image library that is accessible from multiple sites on the server. We are running SuPHP so each site has a different Owner:Group. The requirement is that PHP scripts need to be able to read and write to this folder.
One solution I have found is to put the image library directly inside the Home directory : /home/library/images/
This /library/
dir has 0755 permissions, while the /images/
folder needs to have 0777 permissions. These directories are owned by root:root.
Next each site has a symlink pointing to /library/
directory.
This method works perfectly, HOWEVER what are the security implications? Would adding a .htaccess file allowing only images to be displayed + turning PHP parsing off for this directory be enough?