Posted to dev@apr.apache.org by Roger Luethi <rl...@hellgate.ch> on 2002/07/28 18:50:12 UTC

Appropriate default permissions

The documentation says about apr_file_open():

# If perm is APR_OS_DEFAULT and the file is being created, appropriate
# default permissions will be used.

The mode permissions that are set by APR_OS_DEFAULT seem rather arbitrary;
they have already been changed in CVS from 0777 to 0666. I don't think the
default should be "allow all access the umask doesn't prohibit". I prefer
APIs to try and be secure unless the programmer explicitly drills a hole.

On the other hand, I am aware there is some tradition with programs
creating 0666 files. I suggest that at least the documentation be updated
to indicate that APR_OS_DEFAULT creates files readable and writable by
anyone (unless umask prevents it). "Appropriate" seems to be somewhat
misleading for most files a typical application creates.

Roger
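
The umask dependence described in the message above, as an added example that is not part of the original post and is not APR code: plain POSIX open() stands in for the file creation, and the helper name created_mode and the scratch path under /tmp are assumptions made for the illustration.

```c
/* Added example: models a 0666 default with POSIX open(); not APR code. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create a fresh file requesting `requested` while the process umask is
 * `mask`; return the permission bits it actually received, or -1 on error. */
int created_mode(mode_t requested, mode_t mask)
{
    static unsigned counter;            /* keeps scratch paths unique per call */
    char path[64];
    struct stat st;
    int result = -1;

    /* Constructed scratch path; O_EXCL below refuses a pre-existing file. */
    snprintf(path, sizeof path, "/tmp/perm_demo_%ld_%u",
             (long)getpid(), counter++);

    mode_t saved = umask(mask);         /* umask() returns the previous mask */
    int fd = open(path, O_CREAT | O_EXCL | O_WRONLY, requested);
    umask(saved);                       /* restore before doing anything else */
    if (fd < 0)
        return -1;

    if (fstat(fd, &st) == 0)
        result = (int)(st.st_mode & 0777);
    close(fd);
    unlink(path);
    return result;
}

int main(void)
{
    const mode_t masks[] = { 022, 002, 000 };   /* typical, group-shared, none */
    for (size_t i = 0; i < sizeof masks / sizeof masks[0]; i++) {
        /* With a 0666 request the umask is the only protection; an explicit
         * 0600 request stays private whatever the umask is. */
        printf("umask %03o: requested 0666 -> %04o, requested 0600 -> %04o\n",
               (unsigned)masks[i],
               (unsigned)created_mode(0666, masks[i]),
               (unsigned)created_mode(0600, masks[i]));
    }
    return 0;
}
```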