cPanel personal account & FTP users

[vittorio]

I run a reseller account and I have been trying to find out a system to suggest to my users to isolate and confine their ftp-users into their own directories.

Apparently php.ini open_basedir feature suggests such an idea, sofar that could be applied from the top of the ftp-directory-account.

It seems to me that does not work that way, or maybe it's a question of php.ini-syntax to encode the open_basedir for more than 1 ftp-account.

Does anyone have a suggestion or an alternative?

[incrediblehelp]

So you want users of your website to access FTP locations on your domain? Or do you want users to access FTP locations on their own domains?

[vittorio]

Hi,
To make that more detailed and clear, suppose that I own a personal account with cPanel administration panel and my ISP allows me to issue 5 FTP accounts.

Now I will create on my related webspace a number of directories in my public_html folder nick, will, slim, incrediblehelp
... then I log in my cPanel and I assign to myaccount.domain.com/incrediblehelp an FTP account ...
...then I will give you the following :
ftp url = ftp.myaccount.domain.com
username = incrediblehelp@myaccount.domain.com
password = SeCrEt
You will be able to login via FTP and upload your files ONLY in the directory incrediblehelp
Your files will be retrievable at the url http://myaccount.domain.com/incrediblehelp/ ONLY
BUT you would also be able to upload the following file : "peep.php"
That file will have the following content :

Code:

<?# - File peep.php
highlight_file('../nick/sensible_data.php');// or worst ../../common.php
?>

All nick sensible data will be read by you.
Is there a way to avoid all that and confine your peeping into your folder ?
Without getting any help from the ISP.

Hope that scenario is now clear enough.

[incrediblehelp]

Not that I am aware of. Why is getting help from the ISP bad?

[vittorio]

The open_basedir and a related .htaccess file in any directory works out fine and definetly can limit and confine an user in his own directory ,,, POINT is that this works as a self imposed limitation ,,, sofar User incrediblehelp can delete or replace the .htaccess file into his directory , , , in that case he would allow himself to peep anywhere in the server.

To avoid this at this point, I was told from my ISP that he can help myaccount by setting a bit on the directory .htaccess file of the FTP User (incrdiblehelp) that would make impossible for incrediblehelp (but also for myaccount) to delete the file itself , , , I know this is in the power of the ISP, but not in the power of cPanel owner myaccount.
In that sense the ISP could help cPanel user (myaccount) to tightly lock and confine incrediblehelp user into his own directory.

In other words no prisoner would keep himself locked if he has the key to go out of his cell.
So I am searching for an efficient key to be owned by myaccount only, I am not saying that ISP help is bad.

I thought that by upgrading server software, now my ISP runs my reseller account on Apache2 & php5 and these limitations should have been resolved, that is why I am digging into it.
My ISP says that that's how it is, but I have a feeling that some proper code implementation into the local (myaccount) php.ini file could solve this issue.

[speed]

I'm not 100% sure what you are attempting to do.

If you just want people to be able to upload files to your server but limit their ability to abuse your account then, keep the FTP accounts/folders outside of the web root (public_html) that way people shouldn't be able to invoke the PHP files via Apache. As they can't run the scripts limiting PHP access becomes a mute point.

However I get the impression that you have a reseller account where all your clients sit within folders within your account and you are trying to have their web sites isolated from each other. That being the case find a new host that sets up reseller accounts properly.

A reseller account allows you to create cPanel accounts via WHM, each cPanel account is then isolated from the others. If the host also uses something like suPHP then each users PHP files run with the privileges of their account so limiting their access to other parts of the server.

[vittorio]

To speed

I prettty well know what WHM interface does and is for.
What I am talking and digging here about is what a Personal account owner can do about his FTP users and safely manage and host them.

I cannot see any reason to assign extra FTP accounts to any personal package if those lead to an insecure situation, so I wonder why do they exist.

Please re-visit the details where I try to exemplificate the issue to incrediblehelp ,,, I cannot figure out a better way to expose the question.

[Uncle Dog]

Find it hard to get at what your asking but... can't you use .htaccess files within each subdomain to block access from all other (similar) subdomains.

[speed]

Quote:

Originally Posted by vittorio

I prettty well know what WHM interface does and is for.
What I am talking and digging here about is what a Personal account owner can do about his FTP users and safely manage and host them.

Just checking that was the case

As per my previous post put the FTP accounts outside web root if they don't need to have the uploaded content served as that stops the scripts being run from apache.

For those accounts that need their content served the only option I can think of is to create a folder e.g. uploads and then create all your FTP accounts within a folder within that folder.

Next your host needs to add AllowOverride none for that folder to httpd.conf to stop them using .htaccess, the host also needs to disable scripting on that folder.

If you want to allow them to run scripts then there's nothing you can do as the scripts run as the account owner so can access anything the main account owner can, or if php runs in apache context anything apache can.

[vittorio]

To Uncle Dog,

Using .htaccess would not stop functions like highlight_file() or include()
Only feature capable to work out properly, as far as I have ascertained, is open_basedir

To thread posters

incrediblehelp account must function, otherwise what would be the reason for existing ?

... if anyone of you has a possibility to dispose of a test-personal account, please let me know and issue on that account an FTP access for me to login in order to troubleshoot an eventual proposal.

PLEASE STOP POSTING JUST UNVERIFIED IMPLEMENTATIONS OR THEORETICAL PROPOSALS.

JUST GO AHEAD WITH FACTIVE PROPOSAL AND CONTACT ME FOR COOPERATION WITH ANY FEEDBACK YOU ARE COMFORTABLE WITH.