WEBSERVER user access to MAIL folder

view full story

http://forums.cpanel.net – Hi guys, cPanel have a major security risk regarding how php handler is configure: DSO or suPHP. As DSO configuration the risk is the hacker can access to the webserver folder of all users, because the PHP is executed with nobody permissions for all accounts. As suPHP the webserver is execute with the user account permissions, so it can access to mail folder. I think the best way is the suPHP configuration, but the webserver must use a second user of the account. One user have access to all files in home folder and the second user have access only to the webserver folder. The webserver ha (HowTos)