Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Lock files or limit acces to only public_html

Discussion in 'Security' started by josuablirup, Jul 25, 2013.

  1. josuablirup

    josuablirup Registered

    Joined:
    Feb 8, 2013
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hello everyone

    We decided to create a separate post for this issue:

    1. Is it not possible to restrict users from having access to the entire /home/$user directory?
    3. Is it possible to create files by root that the user cannot edit?

    We are already using Cloud Linux but have found no way so far to accomplish any of these. We have tried setting ownership of files to 0444 and owner root but these settings are just overwritten by "File Manager".

    We have searched for quite a long time for any potential solution to "jail" users to only having access to the /home/user1/public_html directory but so far we haven't found any solution

    We appreciate any help
     
    #1 josuablirup, Jul 25, 2013
    Last edited: Jul 25, 2013
  2. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,890
    Likes Received:
    91
    Trophy Points:
    78
    Location:
    India
    cPanel Access Level:
    Root Administrator
    We are already using Cloud Linux but have found no way so far to accomplish any of these. We have tried setting ownership of files to 0444 and owner root but these settings are just overwritten by "File Manager".

    -> You can try to add file attributes for it using chattr +ai and files that you want to restrict from file managers. So that change or modifications in file permissions and ownership could not be done and it will remain same as you defined.

    Further, It could not be possible that if a file is having a root.root ownership can get modified by a normal user. You need to assign sudo privileges to that particular user.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 24x7server, Jul 25, 2013
  3. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,555
    Likes Received:
    2,182
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Which specific service are you referring to (e.g. SSH, FTP)? Could you provide an example of where an account can access the entire /home directory through this service?

    Thank you.
     
    #3 cPanelMichael, Jul 25, 2013
  4. josuablirup

    josuablirup Registered

    Joined:
    Feb 8, 2013
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hey Michael

    Sorry, what I meant to write was the user has access to the entire: /home/user directory where we would actually like them to only have access to /home/user/public_html

    I have tested this with several clients now following this procedure:

    1. Connect through SSH
    2. Create file test.foo
    3. chmod 444
    4. chown root:root test.foo

    Then I login with the user through domain.com/cpanel
    1. File Manager
    2. Edit file code or non-code
    3. Save
    4. Succes

    The file is now owned by user:user and nothing prevented them from doing this.
     
    #4 josuablirup, Jul 25, 2013
  5. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,555
    Likes Received:
    2,182
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    It's not possible to limit a cPanel account's access to the public_html directory itself. You can create a virtual FTP account that can only access the public_html directory, but the cPanel account will always have access to it's home directory. I have opened an inquiry with our development team regarding the ability to access files owned by "root" within File Manager. For reference, the internal case number is 74121. I will update this thread with the answer when it becomes available.

    Thank you.
     
    #5 cPanelMichael, Jul 26, 2013
  6. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,555
    Likes Received:
    2,182
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Per the internal case:

    Thank you.
     
    #6 cPanelMichael, Jul 26, 2013
(You must log in or sign up to post here.)
Loading...
Similar Threads - Lock files limit
  1. spaceman

    Version control and any cPanel features that modify files like IP Blocker

    spaceman, Apr 5, 2019, in forum: General Discussion
    Replies:
    4
    Views:
    687
    spaceman
    Apr 17, 2019
  2. Ardelean Vlad

    SOLVED Apache 2.4 deny from all blocks only css and js files

    Ardelean Vlad, Oct 27, 2017, in forum: EasyApache
    Replies:
    7
    Views:
    2,501
    Ardelean Vlad
    Nov 1, 2017
  3. Ripul

    Block account sending phishing email?

    Ripul, Jul 7, 2019, in forum: E-mail Discussion
    Replies:
    1
    Views:
    159
    cPanelMichael
    Jul 8, 2019
  4. duyngaodu

    SOLVED The last attempt to update cPanel & WHM was blocked

    duyngaodu, Jul 5, 2019, in forum: General Discussion
    Replies:
    4
    Views:
    303
    cPanelMichael
    Jul 8, 2019
  5. z3d3m0n

    Interactive pdf forms in email blocked

    z3d3m0n, Jul 3, 2019, in forum: E-mail Discussion
    Replies:
    2
    Views:
    218
    cPanelLauren
    Jul 5, 2019

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice