basic user with root privilege sftp

[paulobeneton]

CloudPanel version(s) affected

2.4.2

Description

I connected via ssh through filezilla.

It connects to the user folder correctly.

However, when I type in the / address, it takes me to the server's default folder. I can see all the root user folders.

/home I can see the owner's folders clp, root, mysql

How to reproduce

1. Create a website on cloudpanel.

2. Get the sftp connection credentials

3. Connect to sftp using filezilla or another ftp program.

4. In the directory, try to access /, which is a folder above the user directory.
   

Possible Solution

Do not allow the user to have access to folders that do not belong to them and especially to root.

Additional Context

No response

[cloudpanel-io]

It's standard linux, not CloudPanel specific.

A chrooted ssh/sftp environment would be very nice but there is currently not an easy and stable way to achieve that.