The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Standard user, setting remote path to / in FTP

Discussion in 'Security' started by zerpex, Oct 29, 2011.

  1. zerpex

    zerpex Member

    Joined:
    Oct 17, 2011
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hello everyone, this morning I was setting up an FTP account for a user, that goes to a specific folder (themes folder in Wordpress) on his own cpanel, I specified the remote path like this: "/www/wp-content/themes/"

    Then I got the message that the folder didn't exist, so I tried without the slash in the beginning, and it was working.. I then tried to fill in / in the Remote path, connected to the server, and got access to the 'root' containing var, usr, tmp, proc, opt, lib64, lib, home, etc, dev and bin folders.

    I then opened different folders to see if it was the 'real' root, and I could see, it was only the root for the user account.

    I was then wondering, is this a security problem or is it a feature? - If the user knows a little about linux and cpanel, will my server then be save if he have access to those files? If it's a security problem, is there a way to fix it?

    Here's the image of the FTP:
    Google Chrome.png

    Thank you a lot!

    Best regards,
    Lucas
     
  2. zerpex

    zerpex Member

    Joined:
    Oct 17, 2011
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Is there anyone that have found a solution for this?
     
  3. minosjl

    minosjl Well-Known Member

    Joined:
    Jun 4, 2011
    Messages:
    168
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    India
    cPanel Access Level:
    Root Administrator
    hi,

    How about the annnomanious login ,is that enabled on your server .Also could you please specify , how you create an ftp account for your main cpanel account or for your addon domain.
     
  4. storminternet

    storminternet Well-Known Member

    Joined:
    Nov 2, 2011
    Messages:
    462
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
  5. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Hello,

    Did you connect using the root password with the cPanel username or what login credentials? Of note, the root user should not be able to connect unless you have set it up to do so and are using proftpd. pure-ftpd itself does not allow root user login to the / partition.

    I must admit that I'm a bit confused if you had actual ability to see the / partition folder contents or not based on your prior post, so if you can clarify if you were able to navigate the root folders on the system, that would be great.

    Thanks!
     
Loading...

Share This Page