From c6683733eecd800a17693df45c12ae1acd8610ad Mon Sep 17 00:00:00 2001
From: rugk <rugk@posteo.de>
Date: Sat, 25 Nov 2017 19:19:17 +0100
Subject: [PATCH] add info how to condfigure file level permissions

---
 Installation.md | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/Installation.md b/Installation.md
index a59321a..298762b 100644
--- a/Installation.md
+++ b/Installation.md
@@ -69,6 +69,12 @@ to your PrivateBin installation.
 More details can be found in the
 [configuration documentation](https://github.com/PrivateBin/PrivateBin/wiki/Configuration).
 
+### File-level permissions
+
+After completing the installation, you should make sure, other users on the system cannot read the config file or the `data/` directory, as – depending on your configuration – potential secret information are saved there.
+
+See [this FAQ item](https://github.com/PrivateBin/PrivateBin/wiki/FAQ#what-are-the-recommended-file-and-folder-permissions-for-privatebin) for a detailed guide on how to "harden" the permissions of files and folders.
+
 ## Advanced installation
 
 ### Web server configuration
@@ -84,7 +90,7 @@ some known robots and link-scanning bots. If you use Apache, you can rename the
 file to `.htaccess` to enable this feature. If you use another webserver, you
 have to configure it manually to do the same.
 
-### On using Cloudflare
+### When using Cloudflare
 
 If you want to use PrivateBin behind Cloudflare, make sure you have disabled the Rocket
 loader and unchecked "Javascript" for Auto Minify, found in your domain settings,