On Thu, Feb 12, 2009 at 09:39:18AM -0500, Keith Palmer wrote:

> Thanks so much, this solution works really well! It doesn't lock users out
> of the entire system, but it does ensure that users can't view other
> users' files via SFTP/SSH, which is fantastic.

This solution enforces the switch of all user directories to group "www",
which also means that any member of the group www gets access to these
directories. This would be even more dangerous if your webserver runs
with gid www and contains a php-module or something similar with a long
tradition of security problems. Sorry, but you really, really should not
do it this way.

The sticky bit for group www on the public_html directories can be a good
idea, though.

bye,
Uwe

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
