i have made a test security and i have found the fallowing :

we have the fallowing synoposis :


[root@server4 www]# ls -alh
total 144K
drwxr-x--- 6 usertest nobody 4.0K Apr 10 20:09 .
drwx--x--x 13 usertest usertest 4.0K Apr 7 02:16 ..
-rw-r--r-- 1 usertest usertest 184 Apr 6 21:29 .htaccess
lrwxrwxrwx 1 usertest usertest 38 Apr 6 22:48 im1.txt -> /home/anotheruser/public_html/config.php
-rw-r--r-- 1 usertest usertest 3 May 3 2011 index.html

i can read the file of other user without any probleme !!!

normally it should verify the ownership of files before handel them .

NOTE , i use nginx as proxy of apache . when i use just apache a get a 403 error (this is a normal result) , with nginx i can read the file , becuase nginx hadler the static files + images


anyfix for this ?