i have made a test security and i have found the fallowing :
we have the fallowing synoposis :
[root@server4 www]# ls -alh
total 144K
drwxr-x--- 6 usertest nobody 4.0K Apr 10 20:09 .
drwx--x--x 13 usertest usertest 4.0K Apr 7 02:16 ..
-rw-r--r-- 1 usertest usertest 184 Apr 6 21:29 .htaccess
lrwxrwxrwx 1 usertest usertest 38 Apr 6 22:48 im1.txt -> /home/anotheruser/public_html/config.php
-rw-r--r-- 1 usertest usertest 3 May 3 2011 index.html
i can read the file of other user without any probleme !!!
normally it should verify the ownership of files before handel them .
NOTE , i use nginx as proxy of apache . when i use just apache a get a 403 error (this is a normal result) , with nginx i can read the file , becuase nginx hadler the static files + images
anyfix for this ?