Does anyone knows to change ftp password themselves with web interface??

[hiroysato]

Dear forum members.

Does anyone knows to change ftp password themselves with web interface??

I'm manging one domain . and I have many ftp users.
Anytime the users want to change their ftp password.

I found e-mail password change page but I can't find about ftp

Thank you for your advice.

 

[logicsupport]

In order to change the password for your main FTP account, you have to change the password for the cPanel itself, as both use the same login details.

If you want to change the password for a secondary FTP account, follow :

cPanel => FTP Manager => FTP Accounts => Password

 

[hiroysato]

Password change without main FTP account

Hi, logicsupport
Thank you for your advice.

I would like to change password for secondary FTP accounts
*WITHOUT* main FTP accounts.

Because the users for secondary FTP accounts doesn't know
about main FTP account information.

Do you have any good idea??


extension module or alternative software always welcome .

Thank you for your advice.

 

[logicsupport]

The method I have explained is for the secondary ftp accounts under that particular domain .

cPanel => FTP Manager => FTP Accounts ( the account you need to change the password for) => Password

Are you not able to see the ftp accounts , when you follow the steps I have given ?

Right side of each account , you can see " Password " . Click on that to change the password .

 

[hiroysato]

how to login second account..

It seems basic question.

For example, second account name is [email protected]

First of all, I accessed the following URL

1) http://www.example.com/cpanel
.. and authentication required.

2) I entered authentication information.
Type 1
username : [email protected]
password : user1's password.

Type 2
username : user1
password : user1's password.

both failed authentication.
so I can't go next step.

Could you tell me what I mistake??
I created only FTP account, not create e-mail account.

Thank you for your advice.

 

[logicsupport]

How did you create the FTP account ?

 

[cpanelinfoseeker]

It seems basic question.

For example, second account name is [email protected]

First of all, I accessed the following URL

1) http://www.example.com/cpanel
.. and authentication required.

2) I entered authentication information.
Type 1
username : [email protected]
password : user1's password.

Type 2
username : user1
password : user1's password.

both failed authentication.
so I can't go next step.

Could you tell me what I mistake??
I created only FTP account, not create e-mail account.

Thank you for your advice.

Login to cPanel with your cPanel login, not the FTP login.
After you are in cPanel goto FTP Accounts. When in FTP Accounts look for the user you want to change the password. Choose the Change Password icon for the desired account (same line) and enter the new password.

Ron

 

[hiroysato]

logicsupport, cpanelinfoseeker
Thank you for your information.

The answer of myquestion is
``FTP login can't change password themselves''

it need cPanel login.

 

[thewebhosting]

You cannot change the FTP password without login to cPanel.

 

[lpickup]

You cannot change the FTP password without login to cPanel.

I have the same question, and while this does appear to be the correct answer, is this not a shortcoming? Is this limitation by design? Is there a plan to provide a way for FTP users (that do not have the main cPanel password) be able to change their own passwords without the administrator's intervention?

...Lance

 

[cpanelinfoseeker]

I have the same question, and while this does appear to be the correct answer, is this not a shortcoming? Is this limitation by design? Is there a plan to provide a way for FTP users (that do not have the main cPanel password) be able to change their own passwords without the administrator's intervention?

...Lance

I see this as a security feature. Only the person with the cPanel login information can change the FTP users information.
Ron

 

[lpickup]

I see this as a security feature. Only the person with the cPanel login information can change the FTP users information.
Ron

Agreed if not implemented correctly, but if the user were required to authenticate using their current password in order to change their password, would that not be secure?

Just like with webmail, webmail users are not required to have the cPanel login information to access their mail and change their password, why is the same not true for ftp users?

Thanks,
...Lance

 

[cpanelinfoseeker]

Agreed if not implemented correctly, but if the user were required to authenticate using their current password in order to change their password, would that not be secure?

Just like with webmail, webmail users are not required to have the cPanel login information to access their mail and change their password, why is the same not true for ftp users?

Thanks,
...Lance

I have seen the logs of hackers trying to gain access through my FTP accounts. What they don't know its the accounts are removed right after I am done with them so they are really wasting their time, but they do try. After a few wrong attempts, they are blocked automatically (Thank you Chirpy), but they still try.

I also have disabled the resetting of email passwords and require them to be changed in the cPanel interface. Email is not as much of a risk as they can only send / receive email whereas the FTP login could be a real source of problems in the wrong hands.

I can see where some may want to have this option available, but I prefer to be as secure as possible.

Ron

 

[lpickup]

Somehow I am missing the link between hackers trying to log in through FTP and legitimate users being able to change their passwords without logging into the cPanel admin password.

Maybe my usage model is wrong, so if there is a different way this should be done, let me know:

A group of myself and 3 other developers are working together to develop a web site. I have given each of them (and myself) a sandbox directory where we can experiment with new ideas and test out new code. Therefore I have created an ftp account for each of them to be able to upload their code. However I do not necessarily want them to be able to access the main admin cPanel.

So basically I am the only one that can assign passwords. They either have to expose their requested password to me, or I have to create a password for them that may not be their preference. And if in the name of security (or other reasons) they want to change it, they need to go through me--meaning 2 people know the password--and then I log on to a server using a password and change their password. How is that any more secure than that person directly logging on to that same server, using their existing password rather than the admin password, and then changing the password?

...Lance

 

[cpanelinfoseeker]

I think most of us are under the assumption that the cPanel admin has the knowledge that a secure password is needed and that most "regular" users want a "simple" password.

When users were able to change their own password for email, you would not believe how many did "1234" or "password" or their first name(same as email address)! I did not believe it until I had to troubleshoot their spam email problem. That is why the email system on my servers are locked down to requiring the password to be changed through the cPanel interface, and then requiring the password to be secure by having it meet my minimum requirements (password strength). The administrators seem to not have a problem with it, and the users accept the fact that this is their password.

Maybe your 3 developers are exceptional and will choose secure passwords, maybe they are good at what they do and have no idea about password security. I don't know. At least by having the password changed in the cPanel interface, they need to meet the pre-determined minimum security setting to be able to change it, and we are sure that someone who should be changing it is the one changing it. I err on the side of security, but this has kept my servers pretty secure so far.

Perhaps they will implement this "feature", but I hope it can also be disabled easily.

just my 2 cents,
Ron