I was expecting file permissions set via SSH/Telnet to affect what a web user could see. It appears they basically don’t affect this. Is this how it works? Or is there something I’m missing?
For example, take a domain with one benign text file. No .htaccess file, no password protection. Very simple. I come in with a clean restarted browser and I can see this file and see its contents whether permissions are rrr, rr- or r–. When I remove all permissions, then I cannot see the file. So user, group, or other do not come into play with a web user, yes?
I understand other ways to protect for this. But I was expecting permissions to also have some effect.
Thanks for any comments,