Thread: File Manager
View Single Post
Old 4th August 2012, 13:29
till till is offline
Super Moderator
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,015
Thanks: 840
Thanked 5,651 Times in 4,461 Posts

Regarding it being security risk, if implemented correctly, it's no more of a risk than allowing mod_php to run on customer sites.
And thats why mod_php is normally not used on a ispconfig server. ISPConfig provides mod_php support only for legcy reasons and it should not be used on servers that host clients or are connected to the internet. For hosting servers, use php-fcgi in conjunction with suexec as described in the manual. In ISPConfig, each site runs under a different Linux system user, so you wont be able to have write access to the files from a script running under mod_php anyway. Also you should be aware that ispconfig is a multiserver controlpanel were the web and controlpanel server is not nescessarily the same system, so you cant access any files from a script that are on the web server if the controlpanel server is a different system. The only option ro provide a file explorer like functionality is the user of a webFTP client were the customer can login with its FTP username and password.
Till Brehm
Get ISPConfig support and the ISPConfig 3 manual from
Reply With Quote