When creating an ftp user, in the "Options" tab the client can see the full path of their home Example: /var/www/clients/client1/web2 It's big a security issue. Any fix for this?
ok so when you set up a ftp client in ispconfig 3 look at the ftp user there is a tab called options in there you will see Directory set this to the path you want them to be in when they log onto the ftp something like /var/www/clients/client1/web2 now they will only see wats in the web2 folder kwick
Clients can not see the options tab, only the administrator can see it. So there is no security issue. You just mixed up the administrator login with the client login.
I'm entering with a client user and password and I CAN see the Options tab. I don't see the check boxes, but i can see the full path and can edit it also.
Yes, your right. We changed this some time ago. Try to edit it and you will see that a client can not setup a wrong path which is not within its client area. The path can be changed to enable the clinet to setup FTP users for subdirectories of its site.
We can hide it. But I dont see this as a confidential information as every user can lookup the real path e.g. with a php script (phpinfo) or in the error / access log of his website.
Or it can be written before the textbox so the user just need to type a foldername in the textbox (or even the script kan look for folders and show these in dropdown).
