The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Restrict 'cPanel FTP' user from becoming Unix user

Discussion in 'General Discussion' started by bodomic, Jan 16, 2007.

  1. bodomic

    bodomic Registered

    Joined:
    Nov 28, 2006
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    I was questioned by my client who had become very concerned after his own client installed myftp into his ftp folder.
    The problem is the following:
    Let's say I have created account main_user for my main user in WHM.
    He goes to his cPanel and creates FTP user for his client his_client@myhost.com.

    Then, his_client copies myftp folder to /home/main_user/his_client/myftp and sets "../.." as home directory for myftp web interface.

    That's very, very bad... /home/main_user/his_client/myftp and its contents are owned by main_user, so his_client can go to http://main_user.com/his_client and have a full access to /home/main_user indeed...

    I've edited config of myftp and denied anyone but root edit it, so it is fixed by now but I'm curious - is there a way of restricting user-behind-user from doing such terrible things? And of course it would be great if I could restrict this automatically for any new FTP user.

    Thanks
     
  2. bodomic

    bodomic Registered

    Joined:
    Nov 28, 2006
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    can anyone help?
     
Loading...

Share This Page