FTP client can access root folder and other unauthorized directory

Discussion in 'Installation/Configuration' started by laptop_user, Nov 1, 2014.

  1. laptop_user

    laptop_user Member

    When a client create FTP account, he/she can access all directory above such as
    /etc, /var/, /bin
    etc etc. They could even transfer some of these files in the restricted directory to their PC.

    The client try to add a subdomain with a web folder of it's own. So that means he create a new website in website module. He add his subdomain in DNS module adding A records (mysubdomain.myname.com) and MX records. When he create FTP account he can also access other restricted directory. Good thing is he have web folder of it's own and a welcome page meaning that his website is working.

    Only the problem is with the unauthorized directory access. Screenshot below:


    Further googling shown that I have similar problem as this person: http://bugtracker.ispconfig.org/index.php?do=details&task_id=3014

    I hope somebody here can help me with this. Thanks in advance.
  2. srijan

    srijan New Member HowtoForge Supporter

    Was jail installed in the setup?
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    Check your pure-ftpd config and ensure that virtualchroot is enabled in pure-ftpd.

    A client cant create a ftp user with directory /. Only the administrator (you) can do that on your server.
  4. laptop_user

    laptop_user Member

    after I update to latest ISPC patch, I don't have this problem anymore. Thank you

Share This Page