The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Does anyone knows to change ftp password themselves with web interface??

Discussion in 'General Discussion' started by hiroysato, Sep 11, 2009.

  1. hiroysato

    hiroysato Registered

    Joined:
    Sep 11, 2009
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Dear forum members.

    Does anyone knows to change ftp password themselves with web interface??

    I'm manging one domain . and I have many ftp users.
    Anytime the users want to change their ftp password.

    I found e-mail password change page but I can't find about ftp

    Thank you for your advice.
     
  2. logicsupport

    logicsupport Well-Known Member

    Joined:
    Jun 5, 2007
    Messages:
    138
    Likes Received:
    0
    Trophy Points:
    16
    In order to change the password for your main FTP account, you have to change the password for the cPanel itself, as both use the same login details.

    If you want to change the password for a secondary FTP account, follow :

    cPanel => FTP Manager => FTP Accounts => Password
     
  3. hiroysato

    hiroysato Registered

    Joined:
    Sep 11, 2009
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Password change without main FTP account

    Hi, logicsupport
    Thank you for your advice.

    I would like to change password for secondary FTP accounts
    *WITHOUT* main FTP accounts.

    Because the users for secondary FTP accounts doesn't know
    about main FTP account information.

    Do you have any good idea??


    extension module or alternative software always welcome .

    Thank you for your advice.
     
  4. logicsupport

    logicsupport Well-Known Member

    Joined:
    Jun 5, 2007
    Messages:
    138
    Likes Received:
    0
    Trophy Points:
    16
    The method I have explained is for the secondary ftp accounts under that particular domain .

    cPanel => FTP Manager => FTP Accounts ( the account you need to change the password for) => Password

    Are you not able to see the ftp accounts , when you follow the steps I have given ?

    Right side of each account , you can see " Password " . Click on that to change the password .
     
  5. hiroysato

    hiroysato Registered

    Joined:
    Sep 11, 2009
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    how to login second account..

    It seems basic question.

    For example, second account name is user1@example.com

    First of all, I accessed the following URL

    1) http://www.example.com/cpanel
    .. and authentication required.

    2) I entered authentication information.
    Type 1
    username : user1@example.com
    password : user1's password.

    Type 2
    username : user1
    password : user1's password.

    both failed authentication.
    so I can't go next step.

    Could you tell me what I mistake??
    I created only FTP account, not create e-mail account.

    Thank you for your advice.
     
  6. logicsupport

    logicsupport Well-Known Member

    Joined:
    Jun 5, 2007
    Messages:
    138
    Likes Received:
    0
    Trophy Points:
    16
    How did you create the FTP account ?
     
  7. cpanelinfoseeker

    cpanelinfoseeker Well-Known Member

    Joined:
    Oct 25, 2002
    Messages:
    325
    Likes Received:
    3
    Trophy Points:
    18
    Location:
    NE Illinois
    cPanel Access Level:
    Root Administrator
    Login to cPanel with your cPanel login, not the FTP login.
    After you are in cPanel goto FTP Accounts. When in FTP Accounts look for the user you want to change the password. Choose the Change Password icon for the desired account (same line) and enter the new password.

    Ron
     
  8. hiroysato

    hiroysato Registered

    Joined:
    Sep 11, 2009
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    logicsupport, cpanelinfoseeker
    Thank you for your information.

    The answer of myquestion is
    ``FTP login can't change password themselves''

    it need cPanel login.
     
  9. thewebhosting

    thewebhosting Well-Known Member

    Joined:
    May 9, 2008
    Messages:
    1,201
    Likes Received:
    1
    Trophy Points:
    38
    You cannot change the FTP password without login to cPanel.
     
  10. lpickup

    lpickup Registered

    Joined:
    Sep 30, 2004
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    I have the same question, and while this does appear to be the correct answer, is this not a shortcoming? Is this limitation by design? Is there a plan to provide a way for FTP users (that do not have the main cPanel password) be able to change their own passwords without the administrator's intervention?

    ...Lance
     
  11. cpanelinfoseeker

    cpanelinfoseeker Well-Known Member

    Joined:
    Oct 25, 2002
    Messages:
    325
    Likes Received:
    3
    Trophy Points:
    18
    Location:
    NE Illinois
    cPanel Access Level:
    Root Administrator
    I see this as a security feature. Only the person with the cPanel login information can change the FTP users information.
    Ron
     
  12. lpickup

    lpickup Registered

    Joined:
    Sep 30, 2004
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Agreed if not implemented correctly, but if the user were required to authenticate using their current password in order to change their password, would that not be secure?

    Just like with webmail, webmail users are not required to have the cPanel login information to access their mail and change their password, why is the same not true for ftp users?

    Thanks,
    ...Lance
     
  13. cpanelinfoseeker

    cpanelinfoseeker Well-Known Member

    Joined:
    Oct 25, 2002
    Messages:
    325
    Likes Received:
    3
    Trophy Points:
    18
    Location:
    NE Illinois
    cPanel Access Level:
    Root Administrator
    I have seen the logs of hackers trying to gain access through my FTP accounts. What they don't know its the accounts are removed right after I am done with them so they are really wasting their time, but they do try. After a few wrong attempts, they are blocked automatically (Thank you Chirpy), but they still try.

    I also have disabled the resetting of email passwords and require them to be changed in the cPanel interface. Email is not as much of a risk as they can only send / receive email whereas the FTP login could be a real source of problems in the wrong hands.

    I can see where some may want to have this option available, but I prefer to be as secure as possible.

    Ron
     
  14. lpickup

    lpickup Registered

    Joined:
    Sep 30, 2004
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Somehow I am missing the link between hackers trying to log in through FTP and legitimate users being able to change their passwords without logging into the cPanel admin password.

    Maybe my usage model is wrong, so if there is a different way this should be done, let me know:

    A group of myself and 3 other developers are working together to develop a web site. I have given each of them (and myself) a sandbox directory where we can experiment with new ideas and test out new code. Therefore I have created an ftp account for each of them to be able to upload their code. However I do not necessarily want them to be able to access the main admin cPanel.

    So basically I am the only one that can assign passwords. They either have to expose their requested password to me, or I have to create a password for them that may not be their preference. And if in the name of security (or other reasons) they want to change it, they need to go through me--meaning 2 people know the password--and then I log on to a server using a password and change their password. How is that any more secure than that person directly logging on to that same server, using their existing password rather than the admin password, and then changing the password?

    ...Lance
     
  15. cpanelinfoseeker

    cpanelinfoseeker Well-Known Member

    Joined:
    Oct 25, 2002
    Messages:
    325
    Likes Received:
    3
    Trophy Points:
    18
    Location:
    NE Illinois
    cPanel Access Level:
    Root Administrator
    I think most of us are under the assumption that the cPanel admin has the knowledge that a secure password is needed and that most "regular" users want a "simple" password.

    When users were able to change their own password for email, you would not believe how many did "1234" or "password" or their first name(same as email address)! I did not believe it until I had to troubleshoot their spam email problem. That is why the email system on my servers are locked down to requiring the password to be changed through the cPanel interface, and then requiring the password to be secure by having it meet my minimum requirements (password strength). The administrators seem to not have a problem with it, and the users accept the fact that this is their password.

    Maybe your 3 developers are exceptional and will choose secure passwords, maybe they are good at what they do and have no idea about password security. I don't know. At least by having the password changed in the cPanel interface, they need to meet the pre-determined minimum security setting to be able to change it, and we are sure that someone who should be changing it is the one changing it. I err on the side of security, but this has kept my servers pretty secure so far.

    Perhaps they will implement this "feature", but I hope it can also be disabled easily.

    just my 2 cents,
    Ron
     
Loading...

Share This Page