When creating a virtual host, the FTP server was enabled (port 21), if you log in using the credentials of SFTP (port 22) virtualhost, you can see the entire server tree !
Can you address this security vulnerability in your installation script?
thank you
(Translation with Google)
Howdy,
You may want to review the section of the documentation here titled “How can I prevent FTP Users from Browsing the Entire Filesystem?”:
Yes, I know that and I always does but if you put port 22 to port 21 pace, you have access to the whole server
In Webmin, System, Users & groups, /bin/false
Read this:
https://www.digitalocean.com/community/tutorials/how-to-configure-proftpd-to-use-sftp-instead-of-ftp
sudo nano /etc/proftpd/proftpd.conf
JAIL THE USER IN HOME DIR
Remove the # from in front of the DefaultRoot parameter to uncomment it:
DefaultRoot ~
I always do, despite that one can visualize the whole server