Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

FTP Permissions & Executable Scripts

Discussion in 'General Discussion' started by ashleyb, Dec 12, 2010.

  1. ashleyb

    ashleyb Registered

    Dec 12, 2010
    Likes Received:
    Trophy Points:
    I was creating ftp accounts under my main domain account via Cpanel on my VPS. The accounts are for my freelance web designers. Each ftp account had their home directory in the public_html/<ftpuser>/ folder so I could view the files live on the domain (in their own folders). The permissions seemed to be fine in FTP, the users could not modify files or travel outside of their directory.

    I wanted to see if the users were able to run system commands with a perl script (uploaded by them) accessed via a browser and when I tested a script, YES, IT WAS ABLE to run system commands and modify files OUTSIDE of their directory. I was really suprised.

    Is there any way to set it up to restrict the SCRIPT'S ACCESS to the ftp user directory only, when executed via a browser? I figured this would be a default security feature.


Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice