The Community Forums

cPanel Terminal allows users to browse the server

Discussion in 'General Discussion' started by i-Strategi, Feb 27, 2019.

  1. i-Strategi

    i-Strategi Member

    Very cool with the new terminal feature in cPanel that allows users to use terminal directly from their cPanel account.

    What really makes me worried is the fact that users can "cd" all the way up to the root of the server and browse "dev" and "etc" folders and so on.

    I believe this is a security issue. Users should never be able to browse outside their own home folder.

    Am I panicking without a reason, or is there really a security issue here that no one has mentioned yet?

    Is there a way to disable directory listing outside the user's home folder?

    I have CageFS and CloudLinux installed on the server as well, making me wonder twice how the user was able to browse outside their own home folder.
     
  2. GOT

    GOT Get Proactive! PartnerNOC

    With CageFS, when they are browsing around, it's in their own cage's skeleton. For example, as the user, cat the /etc/passwd file. You'll see it's just got their own content in it.
     
    i-Strategi likes this.
  3. i-Strategi

    i-Strategi Member

    I will definitely test that out by placing a random file in the server root and seeing if a user account can see that file.

    Thanks for the reply.
     
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Hello @i-Strategi,

    This is standard behavior when accessing an account via SFTP or SSH with jailed shell access enabled due to the nature of how the Linux filesystem works. Note that while you may be able to view some directories outside of /home, account-specific data should be restricted when viewing files or listing directory contents.

    Thank you.
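
Added example, not part of the thread and not cPanel or CloudLinux code: a shell check that combines the two tests mentioned above, looking for other accounts in the `/etc/passwd` the user sees and for a canary file that root placed in the real server root. The function names, the canary path and the UID threshold of 1000 for regular accounts are assumptions.

```shell
#!/bin/sh
# Run as the cPanel user inside the cPanel Terminal (or a jailed SSH session).
# Beforehand, as root on the host: touch /cage-canary-test   (hypothetical name)
# Then, as the user:               sh check_cage.sh /cage-canary-test

# List regular accounts, other than the current user, found in a passwd-format file.
# $1 = passwd file, $2 = current username, $3 = lowest UID treated as a regular
# account (assumed 1000; adjust to the UID_MIN of your distribution).
other_accounts() {
    awk -F: -v me="$2" -v min="${3:-1000}" \
        '$3 >= min && $1 != me && $1 != "nobody" { print $1 }' "$1"
}

# Succeeds if the canary that root created in the real / is visible from here.
canary_visible() {
    [ -e "$1" ]
}

# Run both checks. Returns 0 when the view looks isolated, 1 otherwise.
# $1 = passwd file, $2 = current username, $3 = canary path
check_isolation() {
    rc=0
    leaked=$(other_accounts "$1" "$2")
    if [ -n "$leaked" ]; then
        # $leaked is left unquoted on purpose so the names print on one line.
        echo "FAIL: other accounts listed in $1:" $leaked
        rc=1
    fi
    if canary_visible "$3"; then
        echo "FAIL: canary $3 from the real server root is visible"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: only own account listed and canary not visible"
    fi
    return "$rc"
}

# Only run against the live system when a canary path is given as an argument.
if [ "$#" -ge 1 ]; then
    check_isolation /etc/passwd "$(id -un)" "$1"
fi
```

A FAIL on either check means the session is looking at the host filesystem rather than a per-user view; remove the canary from the host once the test is done.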
     