The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

[Case 135905] Shell Access disabled by default

Discussion in 'General Discussion' started by diracuser, Nov 26, 2014.

  1. diracuser

    diracuser Member

    Joined:
    Oct 22, 2014
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi, I have a weird behaviour when I create new accounts, all users have "Access shell" enabled
    when I not allow "shell access" for all accounts except the administrator.
    I checked the following features:
    - Package --> Settings options --> Shell Access "unchecked"
    - Packages --> Feature Manager ..> Edit --> API Shell "unchecked"
    - Tweak Settings -->Use cPanel® jailshell by default --> "off"

    How can I disable for all new accounts by default ?
    Should be this situation because all new accounts, the owner is the administrator that
    has "shell access" permisions ?
    Thanks.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    You can disable shell access for all accounts via:

    "WHM Home » Account Functions » Manage Shell Access"

    Ensure you use a package without shell access when creating the account, or click on "Select Options Manually" and ensure Shell Access is disabled.

    Thank you.
     
  3. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    38
    I have noticed the exact same thing for the past few weeks at least.

    cPanelMichael, I know you can disable shell for all accounts via Account Functions, etc. but that's not the point.

    Here's the deal - We have shell access deselected/not enabled anywhere in WHM, not in any of the settings and certainly not for newly created or existing accounts. However, when new accounts are created, we go back into WHM and these we see that according to "WHM Home » Account Functions » Manage Shell Access", the new account is showing that "Normal Shell" to be switched on. In other words, the new account has full shell access as soon as it is created, in spite of our best efforts to the contrary.

    As a result, lately we've had to get in there to Modify (newly created) Account reelecting the same account package for them, i.e. to sidegrade to their original package, and this action then apparently removes Normal Shell access according to the Manage Shell Access page.

    I think this presents at least a temporary security hazard every time a new account is created. What do you think?
     
    #3 jols, Nov 27, 2014
    Last edited: Nov 27, 2014
  4. diracuser

    diracuser Member

    Joined:
    Oct 22, 2014
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Yes jols you are right.
    My Packages have disabled "Shell Access", but when I create a new account I notice that in
    select Package --> Select Options Manually --> Shell Access is enabled !! ....
    How is it possible if my package has disabled this option ?????
     
  5. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    38
    A core security problem for the cPanel system?

    I really don't know. This one has us concerned.
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    This is addressed with internal case number 135905 in cPanel version 11.46.0.19:

    Fixed case 135905: During account creation, set 'hasshell' value based on selected package.

    Thank you.
     
Loading...

Share This Page