The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

chroot'ing users after SFTP?

Discussion in 'General Discussion' started by jez9999, Jan 18, 2008.

  1. jez9999

    jez9999 Well-Known Member

    Joined:
    Jun 10, 2005
    Messages:
    87
    Likes Received:
    0
    Trophy Points:
    6
    Hi,

    With the newfound focus on security, are there any plans for an interface to be added in cPanel to make it nice and easy to limit user accounts to a given home directory when they log in to the server using Secure FTP? I've read some stuff on the web about doing it using chroot, but it is unbelievably complicated, and it seems to me this is exactly the kind of thing cPanel was made to simplify. At the moment, I have to still enable the unencrypted FTP because you can lock users into a certain home directory with that but SFTP lets them browse the whole file system, which I don't want.
     
  2. isranet

    isranet Member

    Joined:
    Nov 20, 2007
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Israel
    Just tried to check this with WinSCP and found out you are right.
    I was able not only to see all the server filesystem but also open and view the contents of many system files. Furtunally there was no sufficient rights to delete or change these files.

    Also I found that when I see the contents of passwd file in /etc/ directory with some user I can see only system accounts and this particular user info.

    Anyway I agree with jez9999 this is very serious security mismatch that need to be covered
     
  3. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,426
    Likes Received:
    2
    Trophy Points:
    38
    cPanel Access Level:
    DataCenter Provider
    Just change the users shell to jailshell
     
  4. isranet

    isranet Member

    Joined:
    Nov 20, 2007
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Israel
    My users have no shell access at all
     
  5. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,426
    Likes Received:
    2
    Trophy Points:
    38
    cPanel Access Level:
    DataCenter Provider
    Please open a ticket as something is mis configured.
     
  6. isranet

    isranet Member

    Joined:
    Nov 20, 2007
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Israel
    I think I solved the problem by enabling Host Access Control rules for SSHD
     
  7. johnmigen

    johnmigen Active Member

    Joined:
    Jan 19, 2008
    Messages:
    43
    Likes Received:
    0
    Trophy Points:
    6
    Would you be able to share what you changed?
     
  8. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,460
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
  9. mathildedf

    mathildedf Registered

    Joined:
    Jun 5, 2007
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    jailshell

    Enabling jailshell for new users from the WHM corrected the problem for me:

    You can enable jailshell from Tweak Settings under Server Setup on the WHM main page. Scroll down to "System" and check "Use jailshell as the default shell for all new accounts and modified accounts".
     
  10. rfhmendes

    rfhmendes Member

    Joined:
    Jul 7, 2008
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    Hello,

    I'm having the same issue as described above from other users. I did this now and didn't worked. Any advise?! Thank you in advance. =/


    Best regards,
    R. Mendes
     
Loading...

Share This Page