Require Password For Special FTP Accounts Configuration File Downloads
The FTP/SFTP configuration files in cPanel are great and useful, though Panic Transmit or Terminus are still missing.
However, downloading the Special FTP Accounts file should require the cPanel account’s primary account password.
Let's look at this scenario that has actually happened.
cPanel doesn't trigger any notification alert on S/FTP connects and still doesn't have a way of creating additional port 2083 accounts with fine-tuned privileges.
A customer ends up giving his or her developer access to cPanel, and the developer downloads this file.
After the developer has done his work and access to 2083 has been terminated, the developer can access data at will without anyone being the wiser.
This will occur whether the machine has a password disabled or not.
If anyone can download this file at will, it kinda negates the whole idea of the principle of least privilege.