Prevent subdomain access to parent folder?

Discussion in 'Security' started by ssmrasu, May 14, 2019.

  1. ssmrasu

    ssmrasu Registered

    For example:
    I have "abc.com" and I use cPanel.
    In "cPanel -> Domains -> Subdomains"
    I create
    Subdomain: "x.abc.com"
    Document Root: "/home/abc/public_html/hisfolder"

    And I will give this address to my customer.
    I don't want him to access my other files except "hisfolder".
    He must only have access with "ftp" to "hisfolder" and my database.

    And I create in "cPanel -> Files -> Ftp Accounts"
    Login: "hisname@abc.com"
    Password: "*****"
    Directory: "/home/abc/public_html/hisfolder"

    With "filezilla" etc. he can only access "hisfolder"; he can't access parent folders and files. OK.
    But when he writes a ".php" file like:

    <?php
    $dir = '../';
    $files = scandir($dir);
    print_r($files);

    $phpApiFile = file_get_contents('../api.php');
    echo $phpApiFile;
    ?>

    and uploads it to "/home/abc/public_html/hisfolder/index.php", he can now access my files?

    1. He should add his .php files and connect to the database
    2. He should not access my files
    So how can I do both of these? What do I do?

    Please help me.
     
    #1 ssmrasu, May 14, 2019
    Last edited by a moderator: May 14, 2019
  2. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    When it comes to directory structure within an account, while we can limit access via FTP, it isn't possible to restrict access on the level you're requesting. If you want them 100% separate, you need to create the subdomain in its own account.
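
The exposure discussed in this thread can be audited from the server side. The script below is an added example, not part of the thread and not cPanel code: it lists every file in an account that lies outside a given document root yet is reachable by a script running there. It assumes PHP executes as the Unix user that owns the document root; the function names and the sample layout are constructed for illustration.

```python
import os
import stat
import tempfile

def exposed_outside_docroot(account_home, docroot):
    """List (relative path, reason) for regular files outside docroot that a
    script running as the docroot's owner can reach.
    Assumption: PHP runs as the Unix user owning the docroot."""
    home = os.path.realpath(account_home)
    root = os.path.realpath(docroot)
    owner = os.stat(root).st_uid
    findings = []
    for dirpath, dirnames, filenames in os.walk(home):
        # Skip the customer's own folder; only report what lies outside it.
        dirnames[:] = [d for d in dirnames if os.path.join(dirpath, d) != root]
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # ignore symlinks, sockets, devices
            if st.st_uid == owner:
                # The owner can always chmod its own files, so the mode
                # bits (even 0600 or 0000) do not protect them.
                reason = "same-owner"
            elif st.st_mode & stat.S_IROTH:
                reason = "world-readable"
            else:
                continue
            findings.append((os.path.relpath(path, home), reason))
    return sorted(findings)

def build_sample_account(base):
    """Constructed layout mirroring the thread: api.php sits above hisfolder."""
    docroot = os.path.join(base, "public_html", "hisfolder")
    os.makedirs(docroot)
    for rel in ("public_html/api.php", "public_html/hisfolder/index.php"):
        with open(os.path.join(base, rel), "w") as fh:
            fh.write("<?php // constructed sample\n")
    # Tight permissions do not help when the reader is the same user.
    os.chmod(os.path.join(base, "public_html", "api.php"), 0o600)
    return docroot

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as home:
        docroot = build_sample_account(home)
        for rel, reason in exposed_outside_docroot(home, docroot):
            print(f"{reason:15} {rel}")
```

Run against a real account home and subdomain document root, any "same-owner" result outside the customer's folder is a file that the FTP directory restriction does not protect; hosting the subdomain in its own account changes the owning user and removes those results.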
     