If I write a script that I want others to be able to put on their servers, what is the best recommendation for chmodding the directory it is in?
The script needs to be able to create subdirectories, create and modify files, and delete them. This only needs to occur in the directory the script is sitting in. What I'm struggling to understand is who exactly would be doing this. The "apache" user, "www" or the actual human user who owns the server? I've read that the apache user is in the "everyone" group and so therefore I'm assuming the directory this script is in needs to have permissions set to 777. But then I've also read this is probably insecure.
Why is this insecure? Who could possibly have permission to write/delete stuff apart from the server and the human owner of the server?
Finally (the reason this is in the PHP forum), is the PHP engine a separate user? If so, does that mean the PHP user is the one creating/modifying/deleting files, or is this task passed to the apache user?