Clients FTP access

Discussion in 'Developers' Forum' started by andromedacocq, Jul 22, 2010.

  1. andromedacocq

    andromedacocq New Member

    When creating an ftp user, in the "Options" tab the client can see the full path of their home

    Example:
    /var/www/clients/client1/web2

    It's big a security issue.
    Any fix for this?
     
  2. kwickcut

    kwickcut Member HowtoForge Supporter

    what linux and how are you creating the accounts through ispconfig? comand lines?
     
  3. andromedacocq

    andromedacocq New Member

    Debian Lenny
    The Perfect Server Instructions
     
  4. kwickcut

    kwickcut Member HowtoForge Supporter

    ok so when you set up a ftp client in ispconfig 3 look at the ftp user there is a tab called options in there you will see Directory set this to the path you want them to be in when they log onto the ftp

    something like /var/www/clients/client1/web2


    now they will only see wats in the web2 folder


    kwick
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    Clients can not see the options tab, only the administrator can see it. So there is no security issue. You just mixed up the administrator login with the client login.
     
  6. andromedacocq

    andromedacocq New Member

    I'm entering with a client user and password
    and I CAN see the Options tab.
    I don't see the check boxes, but i can see the full path and can edit it also.
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    Yes, your right. We changed this some time ago. Try to edit it and you will see that a client can not setup a wrong path which is not within its client area. The path can be changed to enable the clinet to setup FTP users for subdirectories of its site.
     
  8. andromedacocq

    andromedacocq New Member

    isn't good idea to hide the "/var/www/clients/client#/" part?
     
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    We can hide it. But I dont see this as a confidential information as every user can lookup the real path e.g. with a php script (phpinfo) or in the error / access log of his website.
     
  10. andromedacocq

    andromedacocq New Member

    good point.

    Thanks!!!!
     
  11. Niels

    Niels New Member

    Or it can be written before the textbox so the user just need to type a foldername in the textbox (or even the script kan look for folders and show these in dropdown).
     

Share This Page