Lock files or limit acces to only public_html

josuablirup · Jul 25, 2013

Hello everyone

We decided to create a separate post for this issue:

Is it not possible to restrict users from having access to the entire /home/$user directory?

Is it possible to create files by root that the user cannot edit?

We are already using Cloud Linux but have found no way so far to accomplish any of these. We have tried setting ownership of files to 0444 and owner root but these settings are just overwritten by "File Manager".

We have searched for quite a long time for any potential solution to "jail" users to only having access to the /home/user1/public_html directory but so far we haven't found any solution

We appreciate any help

24x7server · Jul 25, 2013

We are already using Cloud Linux but have found no way so far to accomplish any of these. We have tried setting ownership of files to 0444 and owner root but these settings are just overwritten by "File Manager".

-> You can try to add file attributes for it using chattr +ai and files that you want to restrict from file managers. So that change or modifications in file permissions and ownership could not be done and it will remain same as you defined.

Further, It could not be possible that if a file is having a root.root ownership can get modified by a normal user. You need to assign sudo privileges to that particular user.

cPanelMichael · Jul 25, 2013

josuablirup said: ↑

We have searched for quite a long time for any potential solution to "jail" users to only having access to the /home/user1/public_html directory but so far we haven't found any solution
Click to expand...

Which specific service are you referring to (e.g. SSH, FTP)? Could you provide an example of where an account can access the entire /home directory through this service?

Thank you.

josuablirup · Jul 25, 2013

Hey Michael

Sorry, what I meant to write was the user has access to the entire: /home/user directory where we would actually like them to only have access to /home/user/public_html

-> You can try to add file attributes for it using chattr +ai and files that you want to restrict from file managers. So that change or modifications in file permissions and ownership could not be done and it will remain same as you defined.

Further, It could not be possible that if a file is having a root.root ownership can get modified by a normal user. You need to assign sudo privileges to that particular user."
Click to expand...

I have tested this with several clients now following this procedure:

1. Connect through SSH
2. Create file test.foo
3. chmod 444
4. chown root:root test.foo

Then I login with the user through domain.com/cpanel
1. File Manager
2. Edit file code or non-code
3. Save
4. Succes

The file is now owned by user:user and nothing prevented them from doing this.

cPanelMichael · Jul 26, 2013

It's not possible to limit a cPanel account's access to the public_html directory itself. You can create a virtual FTP account that can only access the public_html directory, but the cPanel account will always have access to it's home directory. I have opened an inquiry with our development team regarding the ability to access files owned by "root" within File Manager. For reference, the internal case number is 74121. I will update this thread with the answer when it becomes available.

Thank you.

cPanelMichael · Jul 26, 2013

Per the internal case:

This behavior is by design. Since the file is readable by all users, it is readable by the user in question. When saving files, to avoid problems when the user is over quota, we write to a temporary file, and if that was successful, rename(2) the file into place. Since the user has write permission in this directory, the rename is successful and the old file, along with its permissions, is destroyed.
Click to expand...

Thank you.

Forums

The Community Forums

Interact with an entire community of cPanel & WHM users!

Lock files or limit acces to only public_html

josuablirup Registered

24x7server Well-Known Member

cPanelMichael Technical Support Community Manager
Staff Member

josuablirup Registered

cPanelMichael Technical Support Community Manager
Staff Member

cPanelMichael Technical Support Community Manager
Staff Member

SOLVED Apache 2.4 deny from all blocks only css and js files

how block port 140 udp on eth1

CSF WordPress wp-login.php block attempts

Unblock options for customer?

Rewrite forwarded email headers in EXIM to avoid strict DMARC/SPF block ?

Share This Page

Useful Searches

The Community Forums

Interact with an entire community of cPanel & WHM users!

Lock files or limit acces to only public_html

josuablirup Registered

24x7server Well-Known Member

cPanelMichael Technical Support Community Manager Staff Member

josuablirup Registered

cPanelMichael Technical Support Community Manager Staff Member

cPanelMichael Technical Support Community Manager Staff Member

SOLVED Apache 2.4 deny from all blocks only css and js files

how block port 140 udp on eth1

CSF WordPress wp-login.php block attempts

Unblock options for customer?

Rewrite forwarded email headers in EXIM to avoid strict DMARC/SPF block ?

Share This Page

cPanelMichael Technical Support Community Manager
Staff Member

cPanelMichael Technical Support Community Manager
Staff Member

cPanelMichael Technical Support Community Manager
Staff Member