The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

cpanel jailshell

Discussion in 'Security' started by selva, Feb 1, 2010.

  1. selva

    selva Registered

    Joined:
    Dec 15, 2009
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Hi All,

    In my cpanel vps i have given jailshell access to a user , but when that user logins into server through ssh or through SFTP ,then that can traverse to / directory and view all files as in the normal shell . If i want to chroot or jail the user only to his home directory what i want to do ?
     
  2. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    Jailshell is essentially a "chroot" environment ....

    However, as a word of caution and advice to you ---

    I do not advise under any circumstances giving regular users any shell access whatsoever and that includes "jailshell".

    Breaking out of jail to regular shell and even escalating to privileged root levels is ridiculously trivial once logged on to the system in any manner and though it might take mere seconds for someone like myself to do that, even the most inexperienced average user might even accidentally stumble upon such things given any kind of shell access and granted and given enough time.

    I'd save yourself the trouble and just simply not grant shell access as a standing policy.

    The flip side of that coin would be to look at the reason why the user requested shell access. What is the purpose? Chances are very good there may be better ways of doing the same thing that doesn't require any shell access whatsoever. With rare exception, most everything that user's think they need shell access to do, really doesn't require any shell access whatsoever and that is something I would weigh and consider as well before granting any shell access to anyone.
     
  3. mohit

    mohit Well-Known Member

    Joined:
    Jul 12, 2005
    Messages:
    553
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Sticky On Internet
    how come big hosts mostly US based are happily allowing SSH access to users on their shared servers, they usually never get hacked the way you are explaining.
     
  4. WebHostDog

    WebHostDog Well-Known Member

    Joined:
    Sep 3, 2006
    Messages:
    144
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Website Owner
    jailed shell seems fine to me. Giving regular bash is very dangerous. If you even get a root via jailed shell you stay only in the jail. Some companies have their own modified bash with fakeFS.
     
Loading...

Share This Page