[BlueOnyx:07399] Re: Question about suPHP
Ken - Precision Web Hosting, Inc
kenlists at precisionweb.net
Fri May 27 16:36:46 -05 2011
----- Original Message -----
From: "Darrell D. Mobley" <dmobley at uhostme.com>
To: "'BlueOnyx General Mailing List'" <blueonyx at mail.blueonyx.it>
Sent: Friday, May 27, 2011 12:30 PM
Subject: [BlueOnyx:07398] Question about suPHP
> Let's say you have a website with suPHP enabled and that client wants to
> allow a vendor to install an add-on to an ecommerce engine he is running.
> Said vendor requests access to FTP, phpMyAdmin and the ecommerce engine.
> Last one is simple, create him an ecommerce admin login, but FTP and
> phpMyAdmin access allow an unknown entity to access the client's site and
> my
> server if he were given the site administrator login information.
>
> Under the current scenario, I switched suPHP off, created a separate site
> administrator account so I can see what he uploads via FTP, and if nothing
> stinks, I can turn suPHP back on and it will reassign his files to the
> primary site administrator.
>
> Is there anything wrong with my reasoning or is there a better way to
> allow
> a third party to have access to a client's site while leaving suPHP
> enabled?
>
You could just leave everything as it is, then change the password after he
is done.
And check the /var/log/xferlog to see what he uploaded.
That will save you about 95% of the headaches.
----
Ken M
Precision Web Hosting, Inc.
http://www.precisionweb.net
More information about the Blueonyx
mailing list