1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice

Customer wants access to ALL folders via FTP login, good idea or no?

Discussion in 'Plesk for Linux - 8.x and Older' started by DaveNET@, Jun 27, 2005.

  1. DaveNET@

    DaveNET@ Guest

    0
     
    Hi,

    I'm running Plesk 7.51 on Linux. One client got the idea that they want the permissions changed on all the directories on their FTP login so they can access/edit/delete them. These would include foldes like conf, etc, lib, tmp, etc, you know what I mean.

    I'm not sure if this is a good idea, so I'm looking for feedback from everyone. I am going to make sure that I am NOT responsible if they screw something up with their files. But, from a security standpoint, what about the server in general, would I be opening up a problem maybe if I did this?

    David
     
  2. sieb@

    sieb@ Guest

    0
     
    From a security standpoint, NO. They are not the only customer on that server, so I wouldn't give them such free reign over areas that could affect other users. Whatever request they have, I'd filter through support on a case by case basis.
     
  3. DaveNET@

    DaveNET@ Guest

    0
     
    Hi,

    Remember, these directories are INSIDE their own FTP login directory.

    However, that being said, I wasn't sure if maybe there was still some danger in changing the permissions on all these directories from root to the username of the client.

    David
     
  4. sieb@

    sieb@ Guest

    0
     
    The user could still go in and change the conf files for their site to allow php or some custom binary direct system access. The users have no need to be in those folders.
     
  5. jamesyeeoc

    jamesyeeoc Guest

    0
     
    If they are chrooted, then there should be no security related problem to chown'ing (with -R) to everything within their own FTP login directory structure. Afterall, isn't that what a chroot is for?!

    Although I'm not sure what effects there will be in changing the chroot copy of /etc, /usr, /var from root : root to ftpusername : psacln I guess you'll try it and let us know.... :)
     
  6. alex042

    alex042 Guest

    0
     
    I would recommend against changing the permissions to allow them access to change files in all of their ftp directories basically for security reasons as well as functionality reasons. i.e. if they screw up a conf file, their whole site can go down and they call you to fix their problem they created or they change a conf file and disable safemode or open_basedir or change some other php variable then hack your server through some php script. There's a lot of potential for abuse if you allow write access to all of the folders.
     
Loading...