php email attachment, chmod settings

I have a php script from Obie (link at bottom) which uploads a file to
the web server, then attaches it to an email, and sends it to a default
recipient.

This program requires setting a directory for the files to reside in
temporarily. What settings should I put this folder to to be most
secure, 755? 750? other? If the user is uploading, is that the
"world" permissions, or is that the "group" or "owner" permissions?
I'm not entirely sure how the upload in this script works, but it uses
the "open()" "fopen()" and "fread()" functions in there.

http://obiewebsite.sourceforge.net/o...ith_attachment

Thank you thank you thank you.

I see now that the uplod is RFC-1867:
http://us3.php.net/manual/en/features.file-upload.php

But this act of uploading - is that "owner" "group" or "other"?

Also, the fread() (which will setup to base64 encode the file): is that
running with owner, group, or other privileges?

drsmartz@yahoo.com says...

> But this act of uploading - is that "owner" "group" or "other"?

Seeing as you used the term "chmod" I presume you are talking about a
linux/Apache/PHP setup.

In that scenario the PHP script are usually run by the Apache "user" -
e.g. on my test server that user's name is "webserver" and that user is a
member of a group called "web", of which my personal user account is also
a member.

My preference for folders to be used by php for write as well as read is
personally-owned by me but group-owned by "web", and with permissions of
775 (read/write for owner and group, read-only for world). If I was ultra
cautious I might do 77x.

Geoff M