Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

cPanel Terminal allows users to browse the server

Discussion in 'General Discussion' started by i-Strategi, Feb 27, 2019.

Tags:
  1. i-Strategi

    i-Strategi Member

    Joined:
    Mar 14, 2016
    Messages:
    13
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Denmark
    cPanel Access Level:
    Root Administrator
    Twitter:
    Very cool with the new terminal feature in cPanel that allows users to use terminal directly from their cPanel account.

    What really makes me worried, is the fact that users can "cd" all the way up to the root of the server and browse "dev" and "etc" folders and so on..

    I believe this is a security issue. Users should never be able to browse outside their own home folder.

    Am i panicking without a reason, or is there really a security issue here that no one has mentioned yet?

    Is there a way to disable directory listing outside the users home folder?

    I have CageFS and CloudLinux installed on the server as well. Making me wonder twice how the user was able to browse outside their own home folder.
     
    #1 i-Strategi, Feb 27, 2019
  2. GOT

    GOT Get Proactive! PartnerNOC

    Joined:
    Apr 8, 2003
    Messages:
    1,372
    Likes Received:
    154
    Trophy Points:
    193
    Location:
    Chesapeake, VA
    cPanel Access Level:
    DataCenter Provider
    With cagefs when they are browsing around it's in their own cages skeleton. For example as the user cat the /etc/passwd file. You'll see it's just got their own content in it.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 GOT, Feb 27, 2019
    i-Strategi likes this.
  3. i-Strategi

    i-Strategi Member

    Joined:
    Mar 14, 2016
    Messages:
    13
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Denmark
    cPanel Access Level:
    Root Administrator
    Twitter:
    I will definately test that out, by placing a random file in the server root, and see if a user account can see that file.

    Thanks for the reply.
     
    #3 i-Strategi, Feb 27, 2019
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,009
    Likes Received:
    2,123
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @i-Strategi,

    This is standard behavior when accessing an account via SFTP or SSH with jailed shell access enabled due to the nature of how the Linux filesystem works. Note that while you may be able to view some directories outside of /home, account-specific data should be restricted when viewing files or listing directory contents.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #4 cPanelMichael, Feb 27, 2019
(You must log in or sign up to post here.)
Loading...
Similar Threads - cPanel Terminal allows
  1. seb.witt

    SOLVED [CPANEL-22645] Shells spawned via cPanel Terminal inherit memory limits from cpsrvd

    seb.witt, Oct 21, 2018, in forum: General Discussion
    Replies:
    5
    Views:
    1,029
    cPanelMichael
    Oct 25, 2018
  2. mehdix92

    SOLVED [CPANEL-22226] cpsrvd websocket process (Terminal feature) hangs and uses 100% CPU

    mehdix92, Aug 9, 2018, in forum: General Discussion
    Replies:
    7
    Views:
    1,285
    Nicola Urbinati
    Oct 3, 2018
  3. Havri

    SOLVED [CPANEL-20490] cPanel terminal feature and CageFS

    Havri, Jul 16, 2018, in forum: Security
    Replies:
    2
    Views:
    979
    cPanelMichael
    Aug 23, 2018
  4. profesor_berkeley

    New Thread Cómo instalar Node.Js cpAddon en cPanel?

    profesor_berkeley, May 24, 2019 at 6:54 PM, in forum: Discusión en Español
    Replies:
    0
    Views:
    26
    profesor_berkeley
    May 24, 2019 at 6:54 PM
  5. JustAGuyUsingWHM

    Problems Detected with cPanel Controlled RPMs

    JustAGuyUsingWHM, May 24, 2019 at 3:27 AM, in forum: General Discussion
    Replies:
    2
    Views:
    212
    cPanelLauren
    May 24, 2019 at 10:46 AM

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice