How to prevent config.php from changing owners?
On my host (nearlyfreespeech.net), CGI and PHP can create files that aren't accessible by me. When I first uploaded config.php, I was the file's owner and the conf directory's owner, but at some point while setting Vanilla up, config.php became owned by the Apache user, and I can no longer edit/delete/chown it.
How do I force Vanilla to chown files to whoever owns the directory they're in, or at least stop it from messing with config.php? Can anyone point me to where in the code this is happening?
Advice from my host:
As a security precaution, CGI and PHP scripts run with different user credentials than you do when you edit your files. Although the CGI/PHP user has significantly fewer privileges overall, it is possible to create a situation where an application creates files or directories that you do not have permission to access or remove via FTP or ssh. This typically happens if an application's umask is set incorrectly; the resulting files or directories will be owned by the "web" user and will not be group or world writable. (Correct umasks are 0 or 002, depending on the expected group ownership. A umask of 0 should work for most web applications, and does not compromise security on our system the way it does on some shared hosts.)