amd64/154112: user can delete file witch owned by root:wheel

[Ihor R]

The following reply was made to PR amd64/154112; it has been noted by GNATS.

From: Ihor R <kaba at goodnet.com.ua>
To: <bug-followup at FreeBSD.org>, <kaba at goodnet.com.ua>
Cc:  
Subject: Re: amd64/154112: user can delete file witch owned by root:wheel
Date: Tue, 18 Jan 2011 21:27:23 +0200

  On Tue, 18 Jan 2011 16:22:53 GMT, kib at FreeBSD.org wrote:
 > User home directory is owned by user, right ?
 > The system works as intended, read about unix file permission model.
 
  The home user directory is owned by user, but I quote don't understand 
  how I can provide hosting service for my users, if anybody user can 
  delete any files in his home directory. By example:
 
  if I want to block some resources, like site, by adding "deny from all" 
  to .htaccess and replace owner of this file to root:wheel. User can not 
  change this file (rewrite) but he can delete this file any time he wish 
  - and the site will go on to work and can make some steps to damage 
  server.
 
  Can you please explain me how can I get back to Unix where users can't 
  delete file which they not own. What steps I need to do to solve current 
  problem.
  I need that users can't change or delete files, that users not own, 
  anyway it's (files) placed.