ca2236

Well-Known Member
Feb 2, 2018
217
22
18
Nebraska
cPanel Access Level
DataCenter Provider
Hi

We have a customer that has a handful of ftp accounts that are setup with a home directory of a particular user. From our testing, it seems that the ftp users are jailed to that directory. This is good and desired behavior. However, we have a request from our customer to keep the ftp accounts from being able to delete files in the home directory (while retaining the main ftp account's ability to delete anything)

In my test. I created a test file with the permissions of 500 (rw). However, the ftp account that I tested with was able to still delete the file. Is it possible to create this setup? I wasn't for sure since the ftp accounts don't seem to be officially on the system, but are virtual users in some way.

I'm using pure-ftpd. In additional tests, I found that when a virtual user uploads a file, it is owned by the primary user. I'm guessing that this is why a virtual user can delete files still with 500 (rw) permission set.

This would also preferably need to be setup per cpanel account and not system wide ideally, as if we get a new customer that might not this particular behavior.

Thanks for your help.
 
Last edited by a moderator:

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
4,781
590
273
cPanel Access Level
Root Administrator
Hey there! There aren't any native tools in cPanel that would provide this functionality. You could change the permissions of the FTP user's directory to 400 so they could only have read access to the entire directory, but for more advanced control I'd recommend submitting a feature request to get this added directly to the product.
 

ankeshanand

Well-Known Member
Mar 29, 2021
66
15
8
India
cPanel Access Level
Root Administrator
Hey there! There aren't any native tools in cPanel that would provide this functionality. You could change the permissions of the FTP user's directory to 400 so they could only have read access to the entire directory, but for more advanced control I'd recommend submitting a feature request to get this added directly to the product.
There is a Technical option for Doing so. Follow the Steps Below:

mkdir /etc/vsftpd/vsftpd_user_conf (This will be our Customer config directory for vsftpd)
nano /etc/vsftpd/vsftpd_user_conf/testuser (Name the User you want)
Enter the Things below:

#Disable access to the below command#
cmds_denied=DELE,RMD


grep user_config_dir /etc/vsftpd/vsftpd.conf
Enter this:
user_config_dir=/etc/vsftpd/vsftpd_user_conf

service vsftpd reload
service vsftpd restart

I don't know if it works in cPanel correctly but It works for my Centos7 correctly because I don't know how cPanel adds user accounts and Where. More preferable way is to add a virtual user as given below:

useradd -s /bin/false testuser

Technically, The cPanel accounts should also support custom config but I highly suggest you to take a backup before doing this as its not made for cPanel Services and works with vsftpd Normal Installations.