[Case 135905] Shell Access disabled by default

diracuser

Active Member
Oct 22, 2014
41
1
8
cPanel Access Level
Root Administrator
Hi, I have a weird behaviour when I create new accounts, all users have "Access shell" enabled
when I not allow "shell access" for all accounts except the administrator.
I checked the following features:
- Package --> Settings options --> Shell Access "unchecked"
- Packages --> Feature Manager ..> Edit --> API Shell "unchecked"
- Tweak Settings -->Use cPanel® jailshell by default --> "off"

How can I disable for all new accounts by default ?
Should be this situation because all new accounts, the owner is the administrator that
has "shell access" permisions ?
Thanks.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,908
2,216
463
Hello :)

You can disable shell access for all accounts via:

"WHM Home » Account Functions » Manage Shell Access"

Ensure you use a package without shell access when creating the account, or click on "Select Options Manually" and ensure Shell Access is disabled.

Thank you.
 

jols

Well-Known Member
Mar 13, 2004
1,107
3
168
I have noticed the exact same thing for the past few weeks at least.

cPanelMichael, I know you can disable shell for all accounts via Account Functions, etc. but that's not the point.

Here's the deal - We have shell access deselected/not enabled anywhere in WHM, not in any of the settings and certainly not for newly created or existing accounts. However, when new accounts are created, we go back into WHM and these we see that according to "WHM Home » Account Functions » Manage Shell Access", the new account is showing that "Normal Shell" to be switched on. In other words, the new account has full shell access as soon as it is created, in spite of our best efforts to the contrary.

As a result, lately we've had to get in there to Modify (newly created) Account reelecting the same account package for them, i.e. to sidegrade to their original package, and this action then apparently removes Normal Shell access according to the Manage Shell Access page.

I think this presents at least a temporary security hazard every time a new account is created. What do you think?
 
Last edited:

diracuser

Active Member
Oct 22, 2014
41
1
8
cPanel Access Level
Root Administrator
Yes jols you are right.
My Packages have disabled "Shell Access", but when I create a new account I notice that in
select Package --> Select Options Manually --> Shell Access is enabled !! ....
How is it possible if my package has disabled this option ?????
 

jols

Well-Known Member
Mar 13, 2004
1,107
3
168
A core security problem for the cPanel system?

I really don't know. This one has us concerned.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,908
2,216
463
This is addressed with internal case number 135905 in cPanel version 11.46.0.19:

Fixed case 135905: During account creation, set 'hasshell' value based on selected package.

Thank you.