On Mar 9, 2016, at 6:38 PM, Francis Roy <lists@xxxxxxxxxxxxxxxxxxxx> wrote: > Thank you that answers my question quite nicely. It's not a giant flag waving at the internet, but if someone got a hold of my machine directly, it could provide a small bit of information used in a general strategy. Right. It's not automatically unsafe to allow other users to see your mounted disks' contents[1], but the casual user's expectation is that user A can't tell what files user B has, so the default setup is to disallow that. But if you *want* to expose some files to other users (in this case, to the "_www" user that Apache runs as) then it's reasonable to give them execute (aka search) and possibly read permission. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx