PATCH: sftp-server logging.

Dan Kaminsky dan at
Tue Mar 19 03:45:42 EST 2002

> you don't get it.
> sshd is run by root, so you trust the logfiles.

apache is run by NOBODY, Markus.  file transfer != executable access,
markus, any more than file viewing = code execution, unnamed macro virus
supporting vendor.

sftp-server is a system service that switches to user permissions for
*safety* purposes, not for ownership purposes.  it's still in the purview of
the admin, at least in many sites.

sftp ain't ready to be deployed as a replacement for ftp.  this remains of
the major reasons why.  but until the code exists, it ain't worth bitching


More information about the openssh-unix-dev mailing list