FTP Disabled by Default in Version 86

benito

Well-Known Member
Jan 8, 2004
375
10
168
Mar del Plata - Argentina
cPanel Access Level
Root Administrator
Twitter
Hello!

I just got the Jan Newsletter and noticed this about FTP. FTP Disabled by Default in Version 86 | cPanel

Our customers are really used to create regular FTP accounts for 3rd party people, like designers, etc to not give full access to cPanel giving their main user and password for sftp.

Since version 86 and asuming we will keep disabled FTP, how they can give limited access to their files?

Thanks
 

cPanelKenneth

cPanel Development
Staff member
Apr 7, 2006
4,607
77
308
cPanel Access Level
Root Administrator
Hi,

Excellent question! Only new installations will have FTP disabled. If you prefer to keep it that way, we provide a WebDAV service, known in the product as WebDisk. Similar to FTP, users can create logins with limited access to their files. WebDisk should work with many (most?) IDEs and operating systems. Like FTP, WebDisk works over SSL so logins would be protected.
 

vacancy

Well-Known Member
Sep 20, 2012
398
118
93
Turkey
cPanel Access Level
Root Administrator
A ridiculous change.

How many users do not use ftp service?

Using sftp is a bad suggestion. When you use sftp, file ownership will be root, this time you need to edit the file ownership every time you do it, this creates an unnecessary workload.
 
Last edited:

DomineauX

Well-Known Member
PartnerNOC
Apr 12, 2003
429
11
168
Houston, TX
cPanel Access Level
Root Administrator
Using sftp is a bad suggestion. When you use sftp, file ownership will be root, this time you need to edit the file ownership every time you do it, this creates an unnecessary workload.
Not if you sftp as the cPanel account, which works just fine, but is only available for the cPanel account user and not additional FTP accounts.
But saying that additional FTP accounts are now completely useless, you must use WebDisk, isn't a sufficient answer.
 

Valetia

Well-Known Member
Jun 20, 2002
216
10
168
cPanel Access Level
Root Administrator
Plain text FTP is of course insecure and should be disabled by default.

However, what is the exact reason for cPanel choosing to also disable FTP over TLS/SSL?
 

sparek-3

Well-Known Member
Aug 10, 2002
1,983
218
343
cPanel Access Level
Root Administrator
I would encourage administrators or cPanel if they feel so inclined, to consider integrating mod_sftp with proftpd as part of the standard cPanel setup:


I would tend to agree with removing standard FTP access (although, seems kind of drastic to just shut it off completely... but then again, how else do you get users to move to more secure alternatives). But I think SFTP is a better alternative than WebDav, since SFTP acts almost exactly like FTP except it's secure.
 

Valetia

Well-Known Member
Jun 20, 2002
216
10
168
cPanel Access Level
Root Administrator
I would tend to agree with removing standard FTP access (although, seems kind of drastic to just shut it off completely... but then again, how else do you get users to move to more secure alternatives). But I think SFTP is a better alternative than WebDav, since SFTP acts almost exactly like FTP except it's secure.
But not FTP over TLS/SSL?
 

sparek-3

Well-Known Member
Aug 10, 2002
1,983
218
343
cPanel Access Level
Root Administrator
But not FTP over TLS/SSL?
Well... I just think SFTP is cleaner. When you really look at FTP, it's a mess of a protocol. Active vs. Passive. Control channels and Data channels. Adding TLS certificates for each domain (I assume) would add another element of SNI needed. SFTP just simplifies things a whole lot.

I also suspect that most FTP clients support SFTP now. Rather than the added element of TLS and SNI.