flashweb

Well-Known Member
Mar 13, 2003
255
2
168
cPanel Access Level
Root Administrator
Hi,

By using scdipts like PHP Shell, a user can view other users files, view the content of scripts, data files, etc...

So other users files are not secure. I found Enism advertise it will secure users data.

I have found some cpanel servers do this with out turning ON php safe mode.

How to solve this ?

Regards,

Yujin

cPanel.net Support Ticket Number:
 

www-lab

Well-Known Member
Feb 1, 2003
62
0
156
use open_basedir and disable function, but this is only php. Any user with CGI access still can view other user files.

cPanel.net Support Ticket Number:
 

flashweb

Well-Known Member
Mar 13, 2003
255
2
168
cPanel Access Level
Root Administrator
How to use open_basedir and disable function ?

Can you explain ?

Is it possible to chmod /home folder to some thing different ?

Hope running suexe will solve the cgi problem.

cPanel.net Support Ticket Number:
 

cass

Well-Known Member
Jul 17, 2002
349
0
166
Argentina/USA/Mexico
If you have your WHM updated ... (to version 7.0.x)
you can use :

tweak security link in WHM.

Regards.

cPanel.net Support Ticket Number:
 

cass

Well-Known Member
Jul 17, 2002
349
0
166
Argentina/USA/Mexico
Hum... well... if you look at layer2.cpanel.net you'll see that the last non EDGE non BETA release is :
Cpanel-6.4.2-STABLE_85-FreeBSD-i386-libc (Tue Jun 10 08:42:46 2003)

But you need 7.0.5 or Up. for this feature.
or wait to July when version 7 will be stable.

Regards.

cPanel.net Support Ticket Number:
 

MscLimp

Active Member
Mar 3, 2003
35
0
156
Originally posted by cass
If you have your WHM updated ... (to version 7.0.x)
you can use :

tweak security link in WHM.

Regards.

cPanel.net Support Ticket Number:
Where is tweak security link located in WHM?

cPanel.net Support Ticket Number:
 

www-lab

Well-Known Member
Feb 1, 2003
62
0
156
I'm also interested, what is exactly that tweak doing?

cPanel.net Support Ticket Number:
 

cass

Well-Known Member
Jul 17, 2002
349
0
166
Argentina/USA/Mexico
It modifies the httpd.conf virtual hosts by default
and adds security for PHP (lock includes on user dir & tmp only, etc.)

Regards.

cPanel.net Support Ticket Number: