Changing domain to different user (+ftp strangeness)


so, in an attempt to insulate problems on one domain from infecting another, i set up a new user and moved one of my domains over to it. now when i log in via sftp to that domain as the new user all i see is that domain’s directories, which is as it should be. so far so good. however, when i log in as the other user to the other domain via sftp i see all that domain’s directories as well as the domain directories that i transferred over to the new user. why is this? is it a matter of the changes taking a while to propogate?

also, i deleted a bunch of obsolete directories via ftp using filezilla and they seemed to be gone. but when i log in via sftp using fugu i still see them. what gives?


Are you still in the same dream host account? or did you move it to a different account? If you on the same account make sure both users have the enhance security checkbox clicked. That will break the connection to see files from one user to the next.


i only have one account (i assume i would have to pay separately for each account?). only one user (the first one) can see both users’ files. the new user i created can only see its own domain files.

and the other strangeness continues. i logged in via ftp as the new user and deleted all the directories and files i do not need. logging in via sftp as that new user those directories do not display, and if i try to load them in my web browser i get 404 errors. this would suggest they are in fact gone. but when i log in via sftp as the first user not only do i see the second user’s files, but all the directories and files i’d deleted as the second user are still visible. this is concerning because some of these files are still infected with the injected code that brought my wordpress and invision forums down. i can’t figure out if the files/directories do in fact still exist, and if so, why one user can see them when the other can’t.


any you checked that both accounts have enhanced security? Dreamhost has two operators for file ownership the the user and the account, all files are owned by the same account and separated by user. When you get a full file list you’ll see both the username and a second ‘owner’. If you compare these owner values they are the same for both ‘users’. If you don’t enable enhanced security, dream host is letting you share files between yourself as the account holder. This has the unfortunate side effect of allowing a hacker access to ALL your files if one of your users is breeched.


when you switch a domain to run under another user, the files are not deleted they are copied over. this leaves the initial copy under the original user but you can delete it without issue. i have verified this by doing it to one of my domains. each user can only see the files for the domains running under it.


yes, both accounts have enhanced security turned on.

but ryo-ohki’s explanation makes sense. i guess i’ll briefly enable ftp on the first account so i can use filezilla to delete the directories without having to delete all their contents first.[hr]
okay, that worked. thanks very much! now i need to figure out how to get rid of the jabber directory.