[Case 135905] Shell Access disabled by default

diracuser · Nov 26, 2014

Hi, I have a weird behaviour when I create new accounts, all users have "Access shell" enabled
when I not allow "shell access" for all accounts except the administrator.
I checked the following features:
- Package --> Settings options --> Shell Access "unchecked"
- Packages --> Feature Manager ..> Edit --> API Shell "unchecked"
- Tweak Settings -->Use cPanel® jailshell by default --> "off"

How can I disable for all new accounts by default ?
Should be this situation because all new accounts, the owner is the administrator that
has "shell access" permisions ?
Thanks.

cPanelMichael · Nov 26, 2014

Hello

You can disable shell access for all accounts via:

"WHM Home » Account Functions » Manage Shell Access"

Ensure you use a package without shell access when creating the account, or click on "Select Options Manually" and ensure Shell Access is disabled.

Thank you.

jols · Nov 27, 2014

I have noticed the exact same thing for the past few weeks at least.

cPanelMichael, I know you can disable shell for all accounts via Account Functions, etc. but that's not the point.

Here's the deal - We have shell access deselected/not enabled anywhere in WHM, not in any of the settings and certainly not for newly created or existing accounts. However, when new accounts are created, we go back into WHM and these we see that according to "WHM Home » Account Functions » Manage Shell Access", the new account is showing that "Normal Shell" to be switched on. In other words, the new account has full shell access as soon as it is created, in spite of our best efforts to the contrary.

As a result, lately we've had to get in there to Modify (newly created) Account reelecting the same account package for them, i.e. to sidegrade to their original package, and this action then apparently removes Normal Shell access according to the Manage Shell Access page.

I think this presents at least a temporary security hazard every time a new account is created. What do you think?

diracuser · Nov 27, 2014

Yes jols you are right.
My Packages have disabled "Shell Access", but when I create a new account I notice that in
select Package --> Select Options Manually --> Shell Access is enabled !! ....
How is it possible if my package has disabled this option ?????

jols · Nov 27, 2014

A core security problem for the cPanel system?

I really don't know. This one has us concerned.

cPanelMichael · Dec 3, 2014

This is addressed with internal case number 135905 in cPanel version 11.46.0.19:

Fixed case 135905: During account creation, set 'hasshell' value based on selected package.

Thank you.

Thread starter	Similar threads	Forum	Replies	Date
S	[Case 191833] 11.50 View bandwidth usage not working	Account Administration	10	Jun 17, 2015
	[Case 166849] AOL / AIM / ICQ Notifications not working on one server	Account Administration	3	Feb 15, 2015
V	[Case 153777] killacct can't locate BinCheck.pm	Account Administration	5	Jan 12, 2015
M	[Case 149949 ] cPanel & SSH stops while suspending an account	Account Administration	11	Jan 5, 2015
	[Case 141949] How to update virtfs ?	Account Administration	4	Nov 21, 2014

Search

Search

[Case 135905] Shell Access disabled by default

diracuser

Active Member

cPanelMichael

Administrator

jols

Well-Known Member