Check default file permissions #173

Closed
azett opened this issue Dec 17, 2022 · 3 comments
Member

azett commented Dec 17, 2022

Question by Rudra on Twitter:

Why does setup.php change the permission to 777 globally in the flatpress webroot? Isn't 640 better?

Legit question - needs to be inspected.

@azett azett added the security label Dec 17, 2022
Collaborator

Fraenkiman commented Jan 24, 2023

Hello all,

In fact, some files and directories require full access, both for users and groups. Historically, until June 2011, rights management was handled by core.filesystem.php and plugin.thumb.php. For simplification, which is a good thing, the rights management then moved to the default.php file.
However, until October 2023, the FlatPress setup does not change the permissions. The default values of the permission 0777 are only read via defaults.php, not executed. To apply them, you must actively "reset the permission" in the Maintenance panel of the administration area.

Unfortunately, not all web servers are set up optimally, and the Flatpress admin does not have access to the server's permissions; possibly also not enough knowledge to secure the web server. Therefore the solution "Everyone is allowed to do everything (777)" is the easiest - and guarantees that FlatPress will run.

There are two possible solutions:

1. In the administration area, a maintenance mode with the permissions 0775 is provided in the Maintenance panel. In online mode, the permission is lowered to a smaller level.

or

2. The PrettyURLs plugin already offers the possibility to install a predefined .htaccess file. It may be possible to bag a little more security over this. But again, the web server must support .htaccess.

@azett , what do you think about this?

With best regards
Frank

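The discussion above contrasts a global 0777 reset with a tighter 0775 level. The following is an added example, not FlatPress code: it builds a constructed sample webroot (hypothetical FlatPress-like layout), lists every entry that is world-writable, and lowers those entries to the 0775 (directories) / 0664 (files) level, which keeps owner and group write so a web server sharing the group can still write, while dropping write access for everyone else.

```python
import os
import stat
import tempfile
from pathlib import Path

# Constructed sample tree standing in for a webroot after a global "777 reset".
# Layout and modes are assumptions for this example, not real FlatPress defaults.
SAMPLE_TREE = {
    "fp-content/": 0o755,
    "fp-content/config.php": 0o777,  # world-writable config file
    "fp-content/cache/": 0o777,      # cache dir the web server must write to
    "index.php": 0o644,
    "fp-plugins/": 0o755,
}

def build_sample_webroot():
    """Create the constructed tree in a temp dir and return its root."""
    root = Path(tempfile.mkdtemp(prefix="webroot-"))
    for rel, mode in SAMPLE_TREE.items():
        p = root / rel
        if rel.endswith("/"):
            p.mkdir(parents=True, exist_ok=True)
        else:
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text("")
        os.chmod(p, mode)
    return root

def world_writable(root):
    """Return paths (relative to root) whose mode grants write to 'other'."""
    found = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            p = Path(dirpath) / name
            if stat.S_IMODE(p.lstat().st_mode) & stat.S_IWOTH:
                found.append(str(p.relative_to(root)))
    return sorted(found)

def tightened_mode(mode, is_dir):
    """Drop world write; files also lose execute bits (0777 -> 0775 dirs, 0664 files)."""
    mode &= ~stat.S_IWOTH
    if not is_dir:
        mode &= ~(stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH)
    return mode

def harden(root):
    """Apply tightened_mode to every entry; return {path: (old, new)} for changes."""
    changed = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            p = Path(dirpath) / name
            old = stat.S_IMODE(p.lstat().st_mode)
            new = tightened_mode(old, p.is_dir())
            if new != old:
                os.chmod(p, new)
                changed[str(p.relative_to(root))] = (old, new)
    return changed
```

Run `world_writable()` on a real webroot first to see what a 777 reset has exposed; `harden()` then changes modes and should be reviewed before use on a live install.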
Collaborator

Fraenkiman commented Oct 6, 2023

I am closing this issue because we have found a good middle ground. It can be reopened if required.
