
Customer wants access to ALL folders via FTP login, good idea or no?


DaveNET@

Guest
Hi,

I'm running Plesk 7.51 on Linux. One client got the idea that they want the permissions changed on all the directories on their FTP login so they can access/edit/delete them. These would include folders like conf, etc, lib, tmp, etc, you know what I mean.

I'm not sure if this is a good idea, so I'm looking for feedback from everyone. I am going to make sure that I am NOT responsible if they screw something up with their files. But, from a security standpoint, what about the server in general, would I be opening up a problem maybe if I did this?

David
 
From a security standpoint, NO. They are not the only customer on that server, so I wouldn't give them such free rein over areas that could affect other users. Whatever request they have, I'd filter through support on a case-by-case basis.
 
Hi,

Remember, these directories are INSIDE their own FTP login directory.

However, that being said, I wasn't sure if maybe there was still some danger in changing the permissions on all these directories from root to the username of the client.

David
 
The user could still go in and change the conf files for their site to allow php or some custom binary direct system access. The users have no need to be in those folders.
 
If they are chrooted, then there should be no security related problem to chown'ing (with -R) to everything within their own FTP login directory structure. After all, isn't that what a chroot is for?!

Although I'm not sure what effects there will be in changing the chroot copy of /etc, /usr, /var from root : root to ftpusername : psacln, I guess you'll try it and let us know.... :)
 
I would recommend against changing the permissions to allow them access to change files in all of their FTP directories, basically for security reasons as well as functionality reasons, i.e. if they screw up a conf file, their whole site can go down and they call you to fix the problem they created, or they change a conf file and disable safemode or open_basedir or change some other PHP variable, then hack your server through some PHP script. There's a lot of potential for abuse if you allow write access to all of the folders.
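
A read-only check for the concern raised in the replies above, added here as an example and not part of any post in the thread: it reports entries under the conf, etc and lib directories named in the question that are not owned by the expected account or that are group/world writable. The function names, the directory layout and the default of uid 0 (root) as expected owner are assumptions; tmp is left out because it has to be writable.

```python
import os
import stat
import tempfile

# Directory names come from the thread; the layout under the vhost root is assumed.
PROTECTED = ("conf", "etc", "lib")


def audit_vhost(vhost_root, protected=PROTECTED, expected_uid=0):
    """Return (path, problem) pairs for protected entries a customer could modify."""
    findings = []
    for name in protected:
        top = os.path.join(vhost_root, name)
        if not os.path.isdir(top):
            continue
        # os.walk yields every directory below 'top', so each one is checked
        # as 'dirpath' together with the files it contains.
        for dirpath, _dirnames, filenames in os.walk(top):
            for entry in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
                st = os.lstat(entry)
                if stat.S_ISLNK(st.st_mode):
                    continue  # a symlink's own mode bits say nothing useful
                if st.st_uid != expected_uid:
                    findings.append(
                        (entry, "owner uid %d, expected %d" % (st.st_uid, expected_uid)))
                if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                    findings.append(
                        (entry, "group/world writable (mode %o)" % stat.S_IMODE(st.st_mode)))
    return findings


def demo():
    """Build a constructed sample tree and audit it against the current user."""
    root = tempfile.mkdtemp()
    for name, mode in (("conf", 0o755), ("etc", 0o777)):
        path = os.path.join(root, name)
        os.mkdir(path)
        os.chmod(path, mode)  # set explicitly so the umask does not matter
    # The sample tree is owned by whoever runs the demo, so use that uid here;
    # on a real server the default expected_uid=0 (root) applies.
    return audit_vhost(root, expected_uid=os.getuid())


if __name__ == "__main__":
    for path, problem in demo():
        print(path, "->", problem)
```
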
 