Restrict access to all files outside public_html

GKey

Member
Mar 21, 2007
6
0
151
We have several accounts that need to upgrade their websites and as a result access needs to be given to web developers.

As a security precaution, we would like to restrict access for the said web developers to public_html folder only. (Primary concern is that they shall not have access to Mail folders)

Although we can restrict access through ftp to public_html, any PHP script uploaded to public_html has access to all files within the account, including mail. So Mail can be read and even deleted through PHP script execution.

Could someone advice if such a restriction is possible and how can it be achieved ?
Thank you in advance.
 

cPanelMichael

Technical Support Community Manager
Staff member
Apr 11, 2011
47,911
2,233
363
cPanel Access Level
DataCenter Provider
Twitter
Although we can restrict access through ftp to public_html, any PHP script uploaded to public_html has access to all files within the account, including mail. So Mail can be read and even deleted through PHP script execution.
Hello,

Can you provide more information or steps we can take to reproduce a PHP script under the public_html directory reading contents from the account's mail directory? Does the issue persist after enabling the PHP open_basedir tweak referenced on the URL below?

PHP Security Concepts - cPanel Knowledge Base - cPanel Documentation

Thank you.