Managing Priviledges for a Web Directory

[rjmartino]

I have a web site that has the following directory structure

/
     /private_html
     /public_html
          /secret
          /images

How can I deny a user FTP access to the "secret" folder but still allow access to the "public_html" directory and the "images" directory?

I have sensitive code (.php files) in that "secret" folder so I don't want the designer to have access to it... But, I still need to allow web browsers to be able to open and view the files.

I'm utilizing cpanel and WHM but I also have root access to the server.

Thanks in advance!

[Rob Pomeroy]

What level of control do you have over groups and users?  In most shared hosting setups, you will have only one user and one group available to you.  That user will also be the user under which the webserver runs and the FTP access is created.  In this case you could not disallow access via FTP and yet allow it to the webserver.

If you DO have greater control, proceed down this route:

Let's say the webserver runs as user "rjm", group "rjm".
Create a new FTP user for your designer, user "designer", group "designer".
Set ownership on all web files/folders to user "rjm", group "designer" except the secret folder - set that to rjm/rjm.  Give group "designer"R/W access to all other files and folders.
Ensure secret folder only has R/W access for rjm/rjm - not for anyone else.

There may be other ways of solving this problem incidentally, if you're willing to say what kind of secret data these PHP files contain/reference.