Full server access - is this meant to happen?


#1

I just loaded up SmartFTP today to add some more files to my website, and found that i could access the entire linux install though my client, including every other users website.

Is this meant to happen?

http://img137.imageshack.us/img137/3613/untitled0xp2.png


#2

nope. It looks like something is badly misconfigured. Can you still see the listing displayed in the referenced .jpg, or was it a “one time” kinda thing?
–rlparker


#3

He didn’t mention if he was using FTP protocol or SFTP over SSH2. It makes a difference.

With FTP, the DreamHost server will “chroot” or restrict file access to your home directory. This means to your FTP client, the topmost directory you can access will be /home/username and it will show it as / instead of /home/username

With SFTP over SSH2, the DreamHost server does not restrict access to your home directory, and your client should show the home directory as /home/.glob/username

:cool: [color=#6600CC]Atropos[/color] | openvein.org


#4

Thanks for the info! I never thought of that possibility.
–rlparker


#5

Other than the chrooting we do via ftp, your files are protected by normal unix file permissions. So if you don’t want anyone to be able to read a particular file be sure to not make it world readable.