The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

FTP Permissions & Executable Scripts

Discussion in 'General Discussion' started by ashleyb, Dec 12, 2010.

  1. ashleyb

    ashleyb Registered

    Dec 12, 2010
    Likes Received:
    Trophy Points:
    I was creating ftp accounts under my main domain account via Cpanel on my VPS. The accounts are for my freelance web designers. Each ftp account had their home directory in the public_html/<ftpuser>/ folder so I could view the files live on the domain (in their own folders). The permissions seemed to be fine in FTP, the users could not modify files or travel outside of their directory.

    I wanted to see if the users were able to run system commands with a perl script (uploaded by them) accessed via a browser and when I tested a script, YES, IT WAS ABLE to run system commands and modify files OUTSIDE of their directory. I was really suprised.

    Is there any way to set it up to restrict the SCRIPT'S ACCESS to the ftp user directory only, when executed via a browser? I figured this would be a default security feature.


Share This Page