Easy To Access Any Account

Discussion in 'General Discussion' started by Steven_K, Jul 24, 2003.

  1. Steven_K

    Hi

    Using a very simple PHP script it is possible for anybody on the same server to read any files stored on another account - and even delete and edit if the permissions of the file are set to 777.

    I discovered this recently when somebody deleted all the writable files I had on my account.

    I thought the way to stop this from happening is to enable the "open_basedir" feature? Will this stop it from happening and how can I enable it on certain accounts from WHM (if possible)?

    If it won't, does anybody know any other way to stop people from accessing files from any account on the same server?

    Thanks in advance.

  2. mmkassem

    Yeah, PHP openbasedir should prevent that, but if you already enabled it before #39, re-enable it so it can work correctly.

  3. mmkassem

    but remember 777 is very insecure already.

  4. Steven_K

    They were files which I wanted to write to but because they were set to 777, it allowed the person from another account to delete them.

    The point is, they shouldn't have been able to list all the files in the directory from a different account.

    Anyway, if open_basedir will stop it from happening, does anybody know how I can enable it from the reseller control panel?

  5. mmkassem

    You cannot; only the root user can enable it. Openbasedir will prevent that from happening using a PHP script, not anything else.
     
  6. Finkinstein

    How would I enable this on a per account basis, not all?

  7. casey

    Go to "Tweak Security" in WHM and click on php openbasedir. You can select which accounts not to enable it on.
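
An added example, not part of the thread: a POSIX shell audit for the 777 problem discussed above, listing paths in an account's tree that other local users can write to or list. The function names and the sample tree are constructed for illustration; it checks file modes only and does not test open_basedir.

```shell
#!/bin/sh
# Added example: audit one account's tree for modes that let other local
# users (or PHP running as a shared web-server user) change or list files.

# Files and directories under $1 that any local user can write to (o+w).
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
}

# Directories under $1 whose mode lets any local user list them (o+r).
world_listable_dirs() {
    find "$1" -type d -perm -0004 -print | sort
}

# Print labelled findings; return 1 if anything is world-writable.
audit_account() {
    rc=0
    world_listable_dirs "$1" | sed 's/^/LISTABLE  /'
    if [ -n "$(world_writable "$1")" ]; then
        world_writable "$1" | sed 's/^/WRITABLE  /'
        rc=1
    fi
    return "$rc"
}

# Constructed sample tree standing in for an account's home directory.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/public_html/uploads"
    : > "$root/public_html/index.php"
    : > "$root/public_html/uploads/data.txt"
    chmod 711 "$root"
    chmod 755 "$root/public_html"
    chmod 644 "$root/public_html/index.php"
    chmod 777 "$root/public_html/uploads" "$root/public_html/uploads/data.txt"
    printf '%s\n' "$root"
}

# Demo on the constructed tree: the 777 directory and file are reported.
demo=$(make_sample_tree)
audit_account "$demo" || echo "world-writable paths found"
rm -rf "$demo"
```

To audit a real account, call `audit_account` with that account's home directory instead of the sample tree.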
