
Customer wants access to ALL folders via FTP login, good idea or no?

DaveNET@

Guest
Hi,

I'm running Plesk 7.51 on Linux. One client got the idea that they want the permissions changed on all the directories on their FTP login so they can access/edit/delete them. These would include folders like conf, etc, lib, tmp, etc, you know what I mean.

I'm not sure if this is a good idea, so I'm looking for feedback from everyone. I am going to make sure that I am NOT responsible if they screw something up with their files. But, from a security standpoint, what about the server in general, would I be opening up a problem maybe if I did this?

David
 
From a security standpoint, NO. They are not the only customer on that server, so I wouldn't give them such free rein over areas that could affect other users. Whatever request they have, I'd filter through support on a case-by-case basis.
 
Hi,

Remember, these directories are INSIDE their own FTP login directory.

However, that being said, I wasn't sure if maybe there was still some danger in changing the permissions on all these directories from root to the username of the client.

David
 
The user could still go in and change the conf files for their site to allow php or some custom binary direct system access. The users have no need to be in those folders.
 
If they are chrooted, then there should be no security-related problem with chown'ing (with -R) everything within their own FTP login directory structure. After all, isn't that what a chroot is for?!

Although I'm not sure what effects there will be in changing the chroot copy of /etc, /usr, /var from root : root to ftpusername : psacln. I guess you'll try it and let us know... :)
 
I would recommend against changing the permissions to allow them access to change files in all of their FTP directories, basically for security reasons as well as functionality reasons, i.e. if they screw up a conf file, their whole site can go down and they call you to fix the problem they created, or they change a conf file and disable safemode or open_basedir or change some other PHP variable, then hack your server through some PHP script. There's a lot of potential for abuse if you allow write access to all of the folders.
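The replies above turn on whether the customer's account can write to the per-site system directories. The following is an added example, not code from any poster in this thread or from Plesk: a small audit that lists files under those directories which the customer's uid owns or which are world-writable. The function name, the directory list (conf, etc and lib from the original post; tmp is left out on the assumption that it is meant to be writable) and the two arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: audit one site's FTP root for
# system directories that the customer's account could modify.
#
# Assumptions (hypothetical, adjust to your layout):
#   - PROTECTED_DIRS holds directory names mentioned in the original post
#   - the caller passes the site's FTP root and the customer's numeric uid

PROTECTED_DIRS="conf etc lib"

# audit_site_root ROOT CUSTOMER_UID
# Prints every path under ROOT/<protected dir> that is owned by
# CUSTOMER_UID or is world-writable (symlinks are skipped because their
# mode bits are not meaningful).
# Returns 0 when nothing is found, 1 when at least one path is printed.
audit_site_root() {
    root=$1
    cust_uid=$2
    found=0
    for d in $PROTECTED_DIRS; do
        # A site may not have every directory; skip the missing ones.
        [ -d "$root/$d" ] || continue
        hits=$(find "$root/$d" ! -type l \
                    \( -uid "$cust_uid" -o -perm -0002 \) -print)
        if [ -n "$hits" ]; then
            printf '%s\n' "$hits"
            found=1
        fi
    done
    return "$found"
}

# Stand-alone use: sh audit.sh <site-root> <customer-uid>
if [ "$#" -eq 2 ]; then
    audit_site_root "$1" "$2"
fi
```

A clean result only says the customer cannot write there directly; it says nothing about what the web server or PHP process may write.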
 