As a rule, the owners of a resource located on a hosting server protect their files well enough.
Most hosting companies offer access to their clients ' files using FTP. An FTP server on a hosting server is configured so that authentication and authorization are required. An authorized user can access only his or her home directory for reading and writing.
Clients cannot read and especially cannot change files outside their directories.
The root Web directory of a site is often a subdirectory of the site owner's home directory. This allows the user to have files and directories that are available only to him or her for reading and that are inaccessible using HTTP. A list of files in a user's home directory can be as shown in the next example.
-bash-2.05b$ cd ~ -bash-2.05b$ ls -la total 2238 drwxr-xr-x 25 user user 512 Aug 24 18:23 . drwxr-xr-x 20 root wheel 512 Nov 18 14:28 .. -rw------- 1 user user 7219 Dec 10 21:12 .bash history -rw-r--r-- 1 user user 771 Apr 27 2004 .cshrc -rw-r--r-- 1 user user 248 Apr 23 2004 .login -rw-r--r-- 1 user user 158 Apr 23 2004 .login_conf -rw------- 1 user user 276 Apr 23 2004 .rhosts -rw-r--r-- 1 user user 975 Apr 27 2004 .shrc drwxr-xr-x 6 user apache 512 May 1 2004 httpd drwxr-xr-x 3 user user 512 Apr 23 2004 mail drwxrwxrwx 13 user user 512 Apr 28 2004 share
In general, this solution proves to be good.
In some cases, access for reading and writing (changing attributes) to files belonging to the user is insufficient for setting the system. For example, he or she might need access to certain server commands such as setting the cron daemon so that certain commands execute according to a certain schedule. For another example, the user might need to install specific software.
When this is required, access using the secure shell (SSH) protocol is arranged.
Giving users additional rights such as a right to execute any command can weaken both the security of the hosting server and the security of the sites it hosts .
Although server security is a concern of the hosting administrator, the security of a particular site is a concern of its owner. As a result, it is common that one of the hosting company's clients can read and sometimes execute files belonging to another user.
If this situation is likely in your hosting company, you should develop your system or site with the assumption that the code of your scripts can be disclosed.
A hosting server can be configured so that it is difficult for users to access files belonging to other users. This can be done by restricting options of the command line. Depending on a particular implementation, the host can use various methods to protect the users of a system from the users of other systems.