FTP User Rights - whats the Correct way to set it up

Hi

Looked and searched KB but i dont think i see the answer ...

I sometime have developers working on my site so to give access I simply

• create a couple of users
• select the folder that i want them to access

• grant read or write access

but they cannot get access to the folder unless i select root and grant them read= allow

my question is from a security perspective is, am I opening my site so that passwords etc can be read?

What is the correct way to grant access to a single folder of file without the user being able to see other parts of the site?

With my other hosting providers (apache) I find it really straight forward - I create a user simply go to the required folder and grant access- which means the user cannot see anything other than that folder.

I post this question like I said earlier from a security angle

thanks

 

Hi and thanks for your reply

so what yo are saying is that i grant read in then root then ANY folder i do not wish the user to view i go down each folder and "deny" them access - think ive got it!

so as a precautionary action should I change my database password as I am assuming that they could have viewed that in one of my config files- am i correct?

thanks

N3lly

 

Thanks for your suggestions got it sorted as with your link and encryption I'm not a coder and to be honest at 1st glance over my head but i'll look at implementing this though a competent person soon.

many thanks

 

We actually have a KB article you may want to look at if you would like to encrypt configuration sections of your web config file.