FTP Users can go above their user name into the Home Directory
Forum
For more information on the latest vulnerability (CVE-2018-12130, CVE-2018-12126, CVE-2018-12127, and CVE-2019-11091),
please refer to our blog post
  1. Forums
  2. CloudLinux and Control Panels
  3. CloudLinux and cPanel
  1. Mitch
  2. Saturday, 18 May 2019
  3.  Subscribe via email
I had to redo the server and install everything over. I installed all accounts and when a user is ftp in they can go above their account name into directories above it
/
...
bin
dev
etc
home
lib
lib64
opt
proc
sbin
tmp
usr
var
/home
---useraccountname
------.cagefs
.cl.selector
.cphorde
.htpasswds
access-logs
etc
logs
mail
public_ftp
public_html
ssl
tmp
www

How do I stop them from getting above second Home so all they can see is is
/home/useraccountname


thanks
Mitch
Rate this post:
  1. 21.05.2019 13:05:21
  2. # 1
Dmitriy Serafin Accepted Answer
Posts: 13
Joined: 03.04.2019
0
Votes
Undo
Hello Mitch,

By default, FTP users can indeed list the root directory. They won't have permissions to see other users or upload something there, but the directory listing would be available.
This mostly depends on the FTP service that you use and its configuration, whether it allows listing files outside of the user's home folder. For example, here's how you could achieve that with the vsftpd service:
https://superuser.com/a/370955

Note that our CageFS component keeps users inside their own virtualized "cage". Thus, it won't make any harm to the system if the user can list the files from the virtualized root directory.

If you have any additional questions about the way CageFS works, you may contact our Support team directly on https://cloudlinux.zendesk.com/agent/, we're glad to help!
  • Page :
  • 1


There are no replies made for this post yet.
Be one of the first to reply to this post!
Guest
Submit Your Response
Upload files or images for this discussion by clicking on the upload button below. Supports gif,jpg,png,zip,rar,pdf
• Insert • Remove Upload Files (Maximum File Size: 2 MB)
Captcha
To protect the site from bots and unauthorized scripts, we require that you enter the captcha codes below before posting your question.