FTP User Permissions

Companies without server engineers must select personnel for website maintenance.

When assigning tasks to external staff, be mindful of security and strive to minimize their permissions. Having personnel outside the organization with full access to the server poses a risk and could lead to trouble. Do not grant them all access privileges.

As for the mechanism, issuing an “FTP user” is sufficient.

If the server supports “.htaccess” files, specify the accessible locations and prohibited areas for the issuing user. The basic rule is to prohibit access to important files.

Access Permissions:
public_html/example.com/

Block specific users only:
public_html/example.com/secret/

If using the above rules, save the following as “.ftpaccess” in the “secret” directory.

<Limit ALL>
	DenyUser Username
</Limit>

Some servers do not support “.ftpaccess” files. In such cases, it is recommended to assign permissions per FTP user and pre-define accessible directories.

There are various ways to do it, so please choose the best method for you.