Hi, I've recently discovered DirectAdmin, and I'm considering getting a [Reseller] acct. that uses this Control Panel.

So I have a few questions, & yes I did search the boards.

1- Does my client, (shared hosting user) need to have a domain name, or can I set up a subdomain for each person?

2- can I disable php/cgi for any user I want.

3- Permissions, etc... If I do set up an acct. for someone (using subdomain or domain), will they be able to browse other peoples folders etc... (for example, using linux commands like 'cd ..' or 'cat /home/path/somebodysfiles') & will they be able to overwrite files in other directories?

4- ftp, can I dissallow users to ftp upload certain files like .htaccess or .pl?

5- does DirectAdmin come with some type of firewall to stop people who use portscanner software, etc.. from hacking the server?

Note, I am considering getting an acct. where I am a reseller.

Thanks.

Originally posted by eli
Hi, I've recently discovered DirectAdmin, and I'm considering getting a [Reseller] acct. that uses this Control Panel.

So I have a few questions, & yes I did search the boards.

1- Does my client, (shared hosting user) need to have a domain name, or can I set up a subdomain for each person?

2- can I disable php/cgi for any user I want.

3- Permissions, etc... If I do set up an acct. for someone (using subdomain or domain), will they be able to browse other peoples folders etc... (for example, using linux commands like 'cd ..' or 'cat /home/path/somebodysfiles') & will they be able to overwrite files in other directories?

4- ftp, can I dissallow users to ftp upload certain files like .htaccess or .pl?

5- does DirectAdmin come with some type of firewall to stop people who use portscanner software, etc.. from hacking the server?

Note, I am considering getting an acct. where I am a reseller.

Thanks.

1 - You can use a subdomain or a normal domain

2 - CGI can be enabled / disabled with any site, for php you would have to use .htaccess for the site to turn it off.

3 - If i'm thinking correctly users should only have priveledges to files they own / created - although i suggest you double check this with Mark or John

4 - it's possible, you would have to do it yourself through proftpd configs

5 - No, server administrators can and should install firewalls aswell as take many other precautions when it comes to security.

Hello,


1- Does my client, (shared hosting user) need to have a domain name, or can I set up a subdomain for each person?
As long as domain.com is on the server, you can create a domain named sub.domain.com and it should work correctly.


2- can I disable php/cgi for any user I want.
As of The last version, the php option has been added, so yes, both can be chosen.


3- Permissions, etc... If I do set up an acct. for someone (using subdomain or domain), will they be able to browse other peoples folders etc... (for example, using linux commands like 'cd ..' or 'cat /home/path/somebodysfiles') & will they be able to overwrite files in other directories?
Without user jailing, there is the potential for other people on the system to browse your public_html directories using ssh. However, they cannot overwrite other peoples files.


4- ftp, can I dissallow users to ftp upload certain files like .htaccess or .pl?
Unfortunatly not. Even if it was disabled in ftp (which isn't a feature), there are still many other ways to get files onto a system.


5- does DirectAdmin come with some type of firewall to stop people who use portscanner software, etc.. from hacking the server?
DirectAdmin does not come with a firewall, however server admins are encouraged to set one up to hide unneeded ports.

John

Originally posted by DirectAdmin Support
Unfortunatly not. Even if it was disabled in ftp (which isn't a feature), there are still many other ways to get files onto a system.

Didnt think of shell and file manager :o whats wrong with me today!

Thanks for your answers,

is this possible? if i create a subdomain in a regular shared acct. and create ftp access, can I disable cgi/php on a subdomain basis?
- could a feature like that be added

thank you

Hello,

You would only be able to disable it if you create the subdomain as a whole new domain.

John