• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Block FTP User from one file

V

Vcize

Senior member
I wasn't sure which forum this goes in, but this seems the closest fit.

I have a xenforo forum that I run. I would like to give one of the admins FTP access so they can install plugins, themes, etc.

However, I don't want them to have access to the database info (username, password, etc). This info is stored in /public_html/library/config.php. Is there a way for me to give them ftp access but block them from accessing that particular file without messing up the permissions of xenforo?
 
Unfortunately, I don't think there is a way to block all files and allow access to one or more selectively. Once you have access to the main site's FTP account you have all.

I guess this amounts to trust more than anything. And you should always have backups! I backup my site to no less than five locations, one being a DVD/RW. So if your config.php file gets messed up just restore it from the backup. No problem.

Permissions would be in the database. Not config.php. That would have the database user, password, etc. When I think of permissions I think of forum permissions...
 
Last edited:
It's a bit of a hassle to set up if there are a lot of folders, but if your FTP server software allows it you can give their account access to the individual separate folders (excluding the /public_html/library folder) instead of just to the root folder and its contents. However, this won't work if they need access to other files in that folder...
 
John Connor said:
Unfortunately, I don't think there is a way to block all files and allow access to one or more selectively. Once you have access to the main site's FTP account you have all.

I guess this amounts to trust more than anything. And you should always have backups! I backup my site to no less than five locations, one being a DVD/RW. So if your config.php file gets messed up just restore it from the backup. No problem.

Permissions would be in the database. Not config.php. That would have the database user, password, etc. When I think of permissions I think of forum permissions...
Click to expand...

Actually you have it backwards 🙂. I need to block just one file, and allow them access to anything else.

The backup is not the issue it is them having access to the information in that file.
 
Fardringle said:
It's a bit of a hassle to set up if there are a lot of folders, but if your FTP server software allows it you can give their account access to the individual separate folders (excluding the /public_html/library folder) instead of just to the root folder and its contents. However, this won't work if they need access to other files in that folder...
Click to expand...

Thanks, I suppose that is the closest I can get to it. I will give that a try! Will they still be allowed to create new folders themselves that they have access to?
 
If you are using a VPS then I suppose you can create users and groups for the FTP server. This is how it is in the Filezilla server I have running.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top