2009/2/12 Uwe Laverenz <u...@laverenz.de>:
> On Thu, Feb 12, 2009 at 09:39:18AM -0500, Keith Palmer wrote:
>
>> Thanks so much, this solution works really well! It doesn't lock users out
>> of the entire system, but it does ensure that users can't view other
>> user's files via SFTP/SSH, which is fantastic.
>
> This solution enforces the switch of all user directories to group "www",
> which also means that any member of the group www gets access to these
> directories. This would be even more dangerous if your webserver runs
> with gid www and contains a php-module or something similar with a long
> tradition of security problems. Sorry, but you really, really should not
> do it this way.
>
> The sticky bit for group www on the public_html directories can be a good
> idea, though.
>
> bye,
> Uwe
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
>
Do you really mean sticky? Or do you mean sgid?

Sgid directories are unnecessary in BSD systems anyway. In the (one true UNIX) BSD Way, new files in a directory are always of the group of the directory.

Sticky is something completely different:
http://www.gsp.com/cgi-bin/man.cgi?section=8&topic=sticky

-- 
R< $&h ! > $- ! $+ $@ $2 < @ $1 .UUCP. > (sendmail.cf)
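The setgid/sticky distinction and the group-access concern raised in this thread can be checked from the mode string that `ls -ld` prints. The script below is an added example, not part of the original messages; the function names `mode_flags`, `dir_flags` and `audit_homes` are hypothetical, and the mode strings at the end are constructed.

```shell
#!/bin/sh
# Classify special bits and group exposure of a directory from the
# 10-character mode string printed by `ls -ld` (e.g. drwxrws--T).
# Function names are illustrative, not from the thread.

mode_flags() {
    g=$(printf '%s' "$1" | cut -c5-7)    # group rwx triplet
    o=$(printf '%s' "$1" | cut -c8-10)   # other rwx triplet
    flags=
    case $g in ??[sS]) flags="$flags setgid" ;; esac        # s/S in group slot
    case $o in ??[tT]) flags="$flags sticky" ;; esac        # t/T in other slot
    case $g in r??)    flags="$flags group-read" ;; esac
    case $g in ?w?)    flags="$flags group-write" ;; esac
    case $g in ??[xs]) flags="$flags group-search" ;; esac  # S means no search
    printf '%s\n' "${flags# }"
}

dir_flags() {
    # cut drops any trailing ACL marker such as '+' after the mode
    mode_flags "$(ls -ld -- "$1" | cut -c1-10)"
}

# List each directory directly under $1 that members of its group can
# enter, with the owning group, so group-wide exposure is visible.
audit_homes() {
    for d in "$1"/*/; do
        [ -d "$d" ] || continue
        d=${d%/}
        f=$(dir_flags "$d")
        case " $f " in
            *" group-search "*)
                grp=$(ls -ld -- "$d" | awk '{print $4}')
                printf '%s group=%s flags=%s\n' "$d" "$grp" "$f" ;;
        esac
    done
}

# Constructed mode strings: a setgid directory versus a sticky one.
mode_flags drwxrws---   # setgid group-read group-write group-search
mode_flags drwxrwx--T   # sticky group-read group-write group-search
```

Running `audit_homes /home` (path assumed) lists the home directories that any member of the owning group can traverse.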