
Customer wants access to ALL folders via FTP login, good idea or no?

DaveNET@

Guest
Hi,

I'm running Plesk 7.51 on Linux. One client got the idea that they want the permissions changed on all the directories on their FTP login so they can access/edit/delete them. These would include folders like conf, etc, lib, tmp, etc, you know what I mean.

I'm not sure if this is a good idea, so I'm looking for feedback from everyone. I am going to make sure that I am NOT responsible if they screw something up with their files. But, from a security standpoint, what about the server in general, would I be opening up a problem maybe if I did this?

David
 
From a security standpoint, NO. They are not the only customer on that server, so I wouldn't give them such free rein over areas that could affect other users. Whatever request they have, I'd filter through support on a case-by-case basis.
 
Hi,

Remember, these directories are INSIDE their own FTP login directory.

However, that being said, I wasn't sure if maybe there was still some danger in changing the permissions on all these directories from root to the username of the client.

David
 
The user could still go in and change the conf files for their site to allow php or some custom binary direct system access. The users have no need to be in those folders.
 
If they are chrooted, then there should be no security related problem to chown'ing (with -R) everything within their own FTP login directory structure. After all, isn't that what a chroot is for?!

Although I'm not sure what effects there will be in changing the chroot copy of /etc, /usr, /var from root : root to ftpusername : psacln. I guess you'll try it and let us know.... :)
 
I would recommend against changing the permissions to allow them access to change files in all of their ftp directories, basically for security reasons as well as functionality reasons, i.e. if they screw up a conf file, their whole site can go down and they call you to fix the problem they created, or they change a conf file and disable safemode or open_basedir or change some other php variable, then hack your server through some php script. There's a lot of potential for abuse if you allow write access to all of the folders.
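
Added example, not part of any post in this thread: a shell audit an administrator could run to confirm that a vhost's system directories are still owned by the trusted account and are not group- or world-writable, which is the condition the replies above want preserved. The `PROTECTED` list, the function name `audit_vhost` and the usage path are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report entries under a vhost's
# system directories that are not owned by the trusted owner or that are
# group/world writable.
# Assumption: PROTECTED lists the directories to keep out of customer hands;
# adjust it to the layout of your own server.
PROTECTED="conf etc lib"

# audit_vhost VHOST_ROOT TRUSTED_OWNER
# Prints one "FINDING" line per problem entry; returns 1 if any were found.
# Paths containing whitespace are reported by their last word only.
audit_vhost() {
    root=$1; trusted=$2; status=0
    for name in $PROTECTED; do
        dir="$root/$name"
        [ -d "$dir" ] || continue
        # ls -ld fields: $1 = mode string, $3 = owner, last = path.
        find "$dir" ! -type l -exec ls -ld {} + |
        awk -v t="$trusted" '
            { why = "" }
            $3 != t { why = why " owner=" $3 }
            # Characters 6 and 9 of the mode string are group/other write.
            substr($1, 6, 1) == "w" || substr($1, 9, 1) == "w" {
                why = why " mode=" $1
            }
            why != "" { print "FINDING " $NF why; n++ }
            END { exit (n > 0) }
        ' || status=1
    done
    return $status
}

# Usage: sh audit_vhost.sh /path/to/vhosts/example.com root
if [ "$#" -ge 2 ]; then
    audit_vhost "$1" "$2"
fi
```

Run it from cron or after any support-requested permission change; a non-zero exit means at least one protected entry has drifted from the trusted owner or gained group/world write access.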
 