This object is in archive!
SFTP User Management
Needs Feedback
Creating chrooted sftp user accounts via WHM GUI.
Allows easy creation of backup destinations outside of cpanel user accounts.
I like this idea 
cPanel, WebHost Manager and WHM are registered trademarks of cPanel, L.L.C. for providing its computer software that facilitates the management and configuration of Internet web servers.
The security implications of this has me extremely alarmed. Allowing a feature that can generate arbitrary user creation (since SFTP requires a valid Linux account on the machine at this time) with an arbitrary homedir outside of the designated HOMEDIR location on the system just seems like you're asking for exploits and support issues (others may leverage this account for actual hosting/etc and not for your intended purpose).
This also presents an issues of the SFTP account name then precluding a cPanel account name of existing of that type. A whole host of logic would need to be done to accommodate this "new type" of account that conflicts with all prior cPanel user logic.
This is an exceedingly high volume of work involved to produce this in the current design of the product. Your use case for this is to store local backups? Or remote backups for other cPanel servers?
This is a very complex product solution for what is not a usual or intended use case of the backup destination feature. The usual use case for the backup destination feature is to deploy backups on a remote system designated for backups only.
At this time, given the prior security and logistics concerns mentioned, it is unlikely that cPanel will pursue this particular feature.
The security implications of this has me extremely alarmed. Allowing a feature that can generate arbitrary user creation (since SFTP requires a valid Linux account on the machine at this time) with an arbitrary homedir outside of the designated HOMEDIR location on the system just seems like you're asking for exploits and support issues (others may leverage this account for actual hosting/etc and not for your intended purpose).
This also presents an issues of the SFTP account name then precluding a cPanel account name of existing of that type. A whole host of logic would need to be done to accommodate this "new type" of account that conflicts with all prior cPanel user logic.
This is an exceedingly high volume of work involved to produce this in the current design of the product. Your use case for this is to store local backups? Or remote backups for other cPanel servers?
This is a very complex product solution for what is not a usual or intended use case of the backup destination feature. The usual use case for the backup destination feature is to deploy backups on a remote system designated for backups only.
At this time, given the prior security and logistics concerns mentioned, it is unlikely that cPanel will pursue this particular feature.
The security implications of this has me extremely alarmed. Allowing a feature that can generate arbitrary user creation (since SFTP requires a valid Linux account on the machine at this time) with an arbitrary homedir outside of the designated HOMEDIR location on the system just seems like you're asking for exploits and support issues (others may leverage this account for actual hosting/etc and not for your intended purpose).
This also presents an issues of the SFTP account name then precluding a cPanel account name of existing of that type. A whole host of logic would need to be done to accommodate this "new type" of account that conflicts with all prior cPanel user logic.
This is an exceedingly high volume of work involved to produce this in the current design of the product. Your use case for this is to store local backups? Or remote backups for other cPanel servers?
This is a very complex product solution for what is not a usual or intended use case of the backup destination feature. The usual use case for the backup destination feature is to deploy backups on a remote system designated for backups only.
At this time, given the prior security and logistics concerns mentioned, it is unlikely that cPanel will pursue this particular feature.
The security implications of this has me extremely alarmed. Allowing a feature that can generate arbitrary user creation (since SFTP requires a valid Linux account on the machine at this time) with an arbitrary homedir outside of the designated HOMEDIR location on the system just seems like you're asking for exploits and support issues (others may leverage this account for actual hosting/etc and not for your intended purpose).
This also presents an issues of the SFTP account name then precluding a cPanel account name of existing of that type. A whole host of logic would need to be done to accommodate this "new type" of account that conflicts with all prior cPanel user logic.
This is an exceedingly high volume of work involved to produce this in the current design of the product. Your use case for this is to store local backups? Or remote backups for other cPanel servers?
This is a very complex product solution for what is not a usual or intended use case of the backup destination feature. The usual use case for the backup destination feature is to deploy backups on a remote system designated for backups only.
At this time, given the prior security and logistics concerns mentioned, it is unlikely that cPanel will pursue this particular feature.
Thanks for taken the time to comment.
Think we could address some of your concerns.
To you see a chance to allow creation of SFTP only accounts under a cpanelaccount (like ftp accounts)? I currently create SFTP only accounts inside the homedirectory. Since I am the only one using the system I can prevent that someone would create an cpanelaccount with the same name.
It would be a lot easier if cPanelbackups would support FTP over SSL. Which is not the case. Perhaps it would be wiser to put development power on that feature first.
Thanks for taken the time to comment.
Think we could address some of your concerns.
To you see a chance to allow creation of SFTP only accounts under a cpanelaccount (like ftp accounts)? I currently create SFTP only accounts inside the homedirectory. Since I am the only one using the system I can prevent that someone would create an cpanelaccount with the same name.
It would be a lot easier if cPanelbackups would support FTP over SSL. Which is not the case. Perhaps it would be wiser to put development power on that feature first.
Replies have been locked on this page!