im looking to enable 770 permissions on a sub-server’s public_html directory (or one or more directories under that) so that the lone user of said sub-server can sftp new files into it in automated fashion.
ive got everything working for testing purposes, but wanted to make sure i wasnt creating a security issue by moving into production with the proposed permissions?
It is reasonably safe as long as you aren’t using mod_php or any execution mode that runs scripts as the web server user.
I assume, of course, that you trust the users in the domain (all mail/FTP users are in the domain group) to not be nefarious actors (or just dangerously incompetent).