Control Web Panel
WebPanel => Updates => Topic started by: rtoutant on November 06, 2018, 09:54:24 AM
-
After the last update all users that access sftp via ssh now have access to root - with read/write capabilities
I did run the fix permissions however - that did not work ( did not change anything )
Before the last update they were only able to see their home folder.
-
Hi I just tested this and I could not get ROOT with a normal SSH account.
-
I am glad it did not occur for you.
----
It is very clear - since I only have 20 clients on my server - and no modifications made on basic install except for adding domains and MySQL databases.
So I uploaded a file for one of my clients - next day update occurs - I go back to apply changes to the file for the client and there is all of the root, and read/write.
-
Why do you even give sftp/ssh to users? You should do that only if you have CloudLinux and never in any other case if these are not your only accounts.
-
SFTP access is more secure.
SFTP – SSH Secure File Transfer Protocol. SFTP (SSH File Transfer Protocol) is a secure file transfer protocol. ... There is basically no reason to use the legacy protocols any more. SFTP also protects against password sniffing and man-in-the-middle attacks.
As I mentioned before, everything worked perfectly until the last update.
Users had access to their home folder - and that is it.
Now they have root access to everything - with read/write to all folders.
-
The fix is to change /etc/passwd
good--> username:x:1009:1009::/home/domainname:/sbin/nologin
fullaccess-> username:x:1010:1010::/home/domainname:/bin/bash
After checking the users which received the full access - it appears to be the users that have '%' remote access to MySQL.
This could be a coincidence -
I will have to wait until the next update to be sure.
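
An audit check for the condition described in the post above, added here as an example that is not part of the original thread or of Control Web Panel: it lists accounts whose /etc/passwd shell field permits an interactive login, like the "fullaccess" line. The function names, the UID threshold of 1000, the /home prefix and the sample entries are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not CWP code). Reports accounts that can get an interactive shell.
# Assumptions: hosting accounts have UID >= 1000 and a home directory under /home.

# audit_login_shells [passwd_file] [min_uid]
# Prints user:uid:home:shell for every account whose shell is not nologin/false.
# Pass "-" as passwd_file to read from standard input.
audit_login_shells() {
    passwd_file="${1:-/etc/passwd}"
    min_uid="${2:-1000}"
    awk -F: -v min_uid="$min_uid" '
        NF != 7            { next }   # not a well-formed passwd entry
        $3 + 0 < min_uid   { next }   # system account
        $6 !~ /^\/home\//  { next }   # home is not under /home
        {
            shell = $7
            # An empty shell field falls back to /bin/sh, which is interactive.
            if (shell == "") shell = "/bin/sh"
            if (shell ~ /\/(nologin|false)$/) next
            print $1 ":" $3 ":" $6 ":" shell
        }
    ' "$passwd_file"
}

# Constructed sample entries in the same layout as the two lines quoted above.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1009:1009::/home/example-one:/sbin/nologin
bob:x:1010:1010::/home/example-two:/bin/bash
carol:x:1011:1011::/home/example-three:
EOF
}

# Demo on the constructed sample; on a server run: audit_login_shells /etc/passwd
sample_passwd | audit_login_shells -
```

Saving the output before an update and comparing it with the output afterwards shows which accounts had their shell field changed.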
-
You are mixing sftp/ssh with FTP; these are completely different services.
ssh/sftp use ssh port (default 22) *** this requires chroot or cloudlinux
ftp, ftps, ftpes port 21
If you need SSH/SFTP in secure way then you need to use cloudlinux or make a custom chroot system
If you need ssl for ftp then you need to check FTPs or FTPes
-
agreed, ssh is only more secure for the user...it is never more secure for the webserver itself!!!