I am hoping that someone might have some insight into an issue that I came across today while working on one of my clients websites that I am building for him. I was setting up a FileManager and Image uploader to be part of CKEditor for the backend updating of his website - - - when I entered var fileRoot = '/'; in the variable for the directory that I want to display for managing the files on his account, the complete file structure of my VPS ROOT displayed and I was able to traverse through all of the directories seeing and being able to access home (all cPanel accounts), root, usr, lib, etc. Of course I have no intention of using that path for what I am doing - but this to me is a serious risk as anyone who has accounts on my VPS server could potentially use a similar script and have full access to my VPS root (accidentally or on purpose). Is there some setting that I am missing or need to change in my Apache settings to stop this from happening? I presumed up until today, that only I can access my VPS Root and only access it with SSH using something like WinSCP or Putty - - - and yet low and behold I have been able to access it completely through a simple filemanager script that I wrote and placed in a cPanel account of one of my hosting clients. Does that make sense? The VPS that I have is unmanaged and the company offers no help when it comes to Apache configuration (if that is my issue) or other server software setup. I have attempted all of the normal security features like making sure Fileprotect is enabled and in "Security Center" I have clicked on "Enable php open_basedir Protection." as well as several others that I have set previously. --- Just to be clear, this is my VPS server where I have created a cPanel hosting account for my client and am logged in with his cPanel/FTP credentials for working on the site. When I run the Filemanager script from his website backend - with the directory set to "/" - - - I end up with full access to VPS root directory and all subdirectories. I logged out of WHM just to make sure that there wasn't something going on with me being logged in while I was working on the site in another browser window. Thanks for taking the time to help out.