Last Update - gave root access to all users via ssh

After the last update all users that access sftp via ssh now have access to root - with read/write capabilities

I did run the fix permissions however - that did not work ( did not change anything )

before the last update they were only able to see there home folder

After the last update all users that access sftp via ssh now have access to root - with read/write capabilities

I did run the fix permissions however - that did not work ( did not change anything )

before the last update they were only able to see there home folder

Hi I just tested this and I could not get ROOT with a normal SSH account.

I am glad it did not occur for you.
----
It is very clear - since i only have 20 clients on my server - and no modifications made on basic install except for adding domains and mysql databases.

so i uploaded a file for one of my clients - next day update occurs - i go back to apply changes to the file for the client and there is all of the root. and read/write

why do you even give sftp/ssh to users?, you should do that only if you have cloudlinux and never in any other case if this are not your only accounts.

sftp access is more secure

SFTP – SSH Secure File Transfer Protocol. SFTP (SSH File Transfer Protocol) is a secure file transfer protocol. ... There is basically no reason to use the legacy protocols any more. SFTP also protects against password sniffing and man-in-the-middle attacks.

as i mentioned before everything worked perfectly until the last update.
users had access to there home folder - and that is it.

now they have root access to everything - with read/write to all folders

The fix is too change /etc/passwd

good--> username:x:1009:1009::/home/domainname:/sbin/nologin
fullaccess-> username:x:1010:1010::/home/domainname:/bin/bash

after checking the users which received the full access - it appears to be the users that have '%' remote access to mysql
this could be a coincident -

I will have to wait until the next update to be sure

you are mixing sftp/ssh with FTP this are completely different service.

ssh/sftp use ssh port (default 22) *** this requires chroot or cloudlinux
ftp, ftps, ftpes port 21

If you need SSH/SFTP in secure way then you need to use cloudlinux or make a custom chroot system
If you need ssl for ftp then you need to check FTPs or FTPes

agreed, ssh is only more secure for the user...it is never more secure for the webserver itself!!!