The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

FTP User Isolation

Discussion in 'Security' started by IceDarkness, Aug 16, 2014.

  1. IceDarkness

    IceDarkness Registered

    Joined:
    Aug 16, 2014
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    I've had a long running issue with FTP accounts. Basically, I've got two other ftp users that manage others folders on my site. The issue is, that if I login into one of those accounts, I could upload a php script and can access files in other folders outside of their ftp account. How do I make it so that each ftp user is completely isolated?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,811
    Likes Received:
    671
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Could you provide a specific example of what's occurring? Note that you should really create separate accounts to get the type of isolation you are looking for.

    Thank you.
     
  3. IceDarkness

    IceDarkness Registered

    Joined:
    Aug 16, 2014
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    Okay, User A has FTP access to a subfolder on my site called podcasts which he uploads podcasts to. User A can't access any folder outside of that folder but he could upload a php file to the podcasts folder and execute it via http. For example, the php file could include the Settings.php file in the forum folder (I run SMF) in the main directory. E.g.:

    Code:
    include("../forum/Settings.php");
    echo $db_passwd;
    mysql_connect($db_server, $db_user, $db_passwd) or die(mysql_error());
    ^ That's essentially all he would need to write in the file to get the database info and access the whole database.

    I know there's ways of preventing PHP from being executed altogether in that folder. Just thought there'd be an easier way to isolate individual ftp users.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,811
    Likes Received:
    671
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    The following thread is a good place to start if you are using suPHP:

    Methods to increase security with suPHP

    You could setup a custom open_basedir entry in a php.ini file that would restrict access to a particular directory.

    Thank you.
     
Loading...

Share This Page