chroot'ing users after SFTP?

jez9999

Well-Known Member
Jun 10, 2005
Hi,

With the newfound focus on security, are there any plans for an interface to be added in cPanel to make it nice and easy to limit user accounts to a given home directory when they log in to the server using Secure FTP? I've read some stuff on the web about doing it using chroot, but it is unbelievably complicated, and it seems to me this is exactly the kind of thing cPanel was made to simplify. At the moment, I still have to enable unencrypted FTP, because you can lock users into a certain home directory with that, but SFTP lets them browse the whole file system, which I don't want.
 

isranet

Member
Nov 20, 2007
Israel
Just tried to check this with WinSCP and found out you are right.
I was able not only to see the whole server filesystem but also to open and view the contents of many system files. Fortunately, there were not sufficient rights to delete or change these files.

Also, I found that when I view the contents of the passwd file in the /etc/ directory as some user, I can see only the system accounts and that particular user's info.

Anyway, I agree with jez9999: this is a very serious security mismatch that needs to be covered.
 

mathildedf

Registered
Jun 5, 2007
jailshell

Enabling jailshell for new users from the WHM corrected the problem for me:

You can enable jailshell from Tweak Settings under Server Setup on the WHM main page. Scroll down to "System" and check "Use jailshell as the default shell for all new accounts and modified accounts".
 

rfhmendes

Member
Jul 7, 2008
> Enabling jailshell for new users from the WHM corrected the problem for me:
>
> You can enable jailshell from Tweak Settings under Server Setup on the WHM main page. Scroll down to "System" and check "Use jailshell as the default shell for all new accounts and modified accounts".

Hello,

I'm having the same issue as described above by other users. I did this now and it didn't work. Any advice?! Thank you in advance. =/


Best regards,
R. Mendes
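
The WHM option quoted above is worded as applying to new and modified accounts, so an audit of the login shells of existing accounts shows which ones are actually jailed. The script below is an added example, not part of the thread or of cPanel's own tooling; the jailshell and noshell paths and the UID cutoff of 500 are assumptions to adjust for the server in question.

```shell
#!/bin/sh
# Added example: report which hosting accounts still have an unjailed login shell.
# Assumptions (not from the thread): jailshell is installed at
# /usr/local/cpanel/bin/jailshell and hosting accounts have UID >= 500.
JAILSHELL="${JAILSHELL:-/usr/local/cpanel/bin/jailshell}"
MIN_UID="${MIN_UID:-500}"

# Constructed sample in /etc/passwd format (not real accounts).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001::/home/alice:/bin/bash
bob:x:1002:1002::/home/bob:/usr/local/cpanel/bin/jailshell
carol:x:1003:1003::/home/carol:/usr/local/cpanel/bin/noshell
dave:x:1004:1004::/home/dave:
EOF
}

# audit_shells [FILE]: print "user shell status" per non-system account.
# Reads FILE, or standard input when no file is given.
audit_shells() {
    awk -F: -v jail="$JAILSHELL" -v min="$MIN_UID" '
        /^#/ || NF < 7   { next }   # comments, malformed lines
        $3 + 0 < min + 0 { next }   # system accounts
        {
            shell = $7
            n = split(shell, parts, "/")
            base = (n > 0) ? parts[n] : ""
            if (shell == jail)
                status = "jailed"
            else if (base ~ /^(nologin|false|noshell)$/)
                status = "noshell"
            else
                status = "unjailed"   # includes an empty field (system default shell)
            print $1, (shell == "" ? "(default)" : shell), status
        }' "${1:--}"
}

# unjailed_users [FILE]: names only, for accounts with a regular (unjailed) shell.
unjailed_users() {
    audit_shells "$@" | awk '$3 == "unjailed" { print $1 }'
}

# Run against a real file when one is given, e.g.: sh audit.sh /etc/passwd
if [ "$#" -gt 0 ]; then audit_shells "$1"; fi
```

Running `sample_passwd | audit_shells` shows the three statuses on the constructed data; on a live server, pass the passwd file as the first argument.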