If one's very careful (and sufficiently self-confident ;-) it's possible to code this in a way that's pretty safe. The problem is that if somehow the use might get a filepath smuggled in somehow, there's a lot of havoc to be created.

The Unix permissions are not as fine-grained as those of Windows NT/2000. The Unix write permission allows one to change and delete the object. This means that any file that can be written by the userID running the httpd can be changed/deleted, including log files.

Again, if one can make absolutely sure that the user never gets to set filepaths, for example by using a hash to map an file ID to an actual file name, there's no problem in having users delete files.

I just wanted to stress that one has to be very alert when writing this kind of scripts.

Just my 2 cents, -gjb-