SFTP Security

**imagize** · 06-22-2008, 05:16 AM

Why is that when a user logs in via SFTP that they can traverse out of their home directory and go into important directories like /usr and /var? These are normal user accounts not root and they don't even have shell access.

How do you disable SFTP or contain users to their own home directories when using SFTP?

Thanks

**cPanelDavidG** · 06-23-2008, 03:33 PM

Originally Posted by imagize

Why is that when a user logs in via SFTP that they can traverse out of their home directory and go into important directories like /usr and /var? These are normal user accounts not root and they don't even have shell access.

How do you disable SFTP or contain users to their own home directories when using SFTP?

Thanks

Users can only browse these directories, they cannot perform modifications to any file they do not have access to. The ability to traverse outside of ~ is an artifact of using a *nix file system.

**chirpy** · 06-25-2008, 04:12 AM

Indeed. It's also a fact of life of shared web hosting. For example, any perl script can also view the same files. It's why correct directory and file permissions settings are critical in a shared environment.

Forums

Thread: SFTP Security

LinkBack

Thread Tools

SFTP Security

Similar Threads

Creating SFTP

JailShell for SFTP?

Sftp

FTP vs SFTP

SFTP/SSH really concerns me! Security!

cPanel & WHM

Enkompass

Help

Community

Company

Connect with Us