向apache用户授予权限

我已经开发了一个Web应用程序,该应用程序允许用户上传图像并将其转换为以后再下载的图像。我显然必须授予apache用户权限到用户可以上传的目录:

$ chown root:www-data uploadFolder
$ chmod 1775 uploadFolder

这为apache组提供了除删除之外的所有权限。

The application creates a directory for each user session inside the uploadFolder directory with 0700 permissions, and saves the user's images inside.

The uploadFolder is inside the application directory.

图片上传后,将直接(如链接)提供给客户端。

A crontab job is executing a script every 20 minutes, that checks which sessions are active and removes all files and folders inside uploadFolder that doesn't match any active session.

自两个月前以来,它一直工作良好,但是我不确定这是否会对同一VPS中的应用程序,数据库或其他站点造成危险。

有人知道在这种情况下放宽的风险吗?

还有其他避免方法吗?

这是我的Apache网站配置:

<VirtualHost *:80>
ServerName www.itransformer.es
ServerAlias itransformer.es *.itransformer.es
DocumentRoot /siteFolder
<Directory /var/www/itransformer-2.0/web>
   AllowOverride all
   Options -Indexes
</Directory>
</VirtualHost>

Added this snippet code to Apache site configuration: (this should avoid reading .htaccess files)

<Directory /uploadFolder>
   AllowOverride none
   Options -Indexes
</Directory>