advanced security

Can you please elaborate on what you mean by "Don't let any account run under user 'root'?" When a user logs into cPanel, functions run as the cPanel account user, not as root. I am not exactly sure what you are requesting.

 

Are you referring to if you login using the user's username and your root (or reseller) password, that their cPanel runs reseller override mode? This behavior can be customized in Tweak Settings: "Accounts that can access a cPanel user account."

Generally speaking, a root password should not be so weak that another user manages to choose it as their password, or guess it.

 

On contemporary installations of cPanel&WHM, we install SuPHP and SuExec by default. If you are using an older installation (>1 year), you can just use EasyApache to install SuPHP and SuExec. This forces user scripts to always run as the user. Otherwise, you are running the script as user nobody (not root). The issue with running as user nobody is that any script can rewrite another user's scripts, since they all run as the same user. SuPHP and SuExec instead force scripts to run as the actual system/cPanel user and thus this is no longer possible thanks to the enforcement of Operating System permissions. SuPHP and SuExec is recommended practice for commercial shared hosting servers running cPanel&WHM.

In cPanel&WHM, cPanel user passwords are never encrypted, they are hashed. Hashing means something can be compared to see if it is correct, but it is infeasible to reverse that hash to reveal the password that hash represents. This means there is no practical way to retrieve a password, but we do backup the password hash inside the backup file so the same password can be used on a new cPanel server. Remember, the act of restoring a cPanel account also creates that cPanel account using the password hash, so the user can maintain the same password they always had.

If you could mention why a backup file would need to be "cracked" I may be able to address your concern through existing functionality of our software.

 

Okay, let's explore this scenario:

You make a backup because you want to move to a new hosting provider

The new hosting provider can setup a shell account so you can have your backup SCP'd from your current cPanel account to your new hosting provider. The transmission is encrypted (since SCP is done within SSH) so data cannot be intercepted easily. Since this is being transferred as a system user (SSH cannot be done as a virtual user in cPanel&WHM environments at this time), operating system permissions are enforced meaning only that the (likely temporary) shell user and root have access to that file.

If the root user becomes compromised, there's bigger issues to be dealing with than just backups.


Is there a specific item you desire for us to implement?

I don't mind an intellectual discussion about the security capabilities of our software, I just think such a discussion is more appropriate for our cPanel & WHM Security forum rather than a feature request thread.

 

Absolutely.

I'm not sure where this discussion is headed myself, as cPanel doesn't "let users run programs as root". Backups are run as root, but that's for security. That's not really a cPanel issue though.

Too many people insist that cPanel is responsible for "administration of servers" and "security", when that's not the case. Sure, cPanel does make the job easier, but security and administration is always something that should be taken care of manually.