cPanel Terminal allows users to browse the server

i-Strategi

Member
Mar 14, 2016
13
1
3
Denmark
cPanel Access Level
Root Administrator
Twitter
Very cool with the new terminal feature in cPanel that allows users to use terminal directly from their cPanel account.

What really makes me worried, is the fact that users can "cd" all the way up to the root of the server and browse "dev" and "etc" folders and so on..

I believe this is a security issue. Users should never be able to browse outside their own home folder.

Am i panicking without a reason, or is there really a security issue here that no one has mentioned yet?

Is there a way to disable directory listing outside the users home folder?

I have CageFS and CloudLinux installed on the server as well. Making me wonder twice how the user was able to browse outside their own home folder.
 

GOT

Get Proactive!
PartnerNOC
Apr 8, 2003
1,764
319
363
Chesapeake, VA
cPanel Access Level
DataCenter Provider
With cagefs when they are browsing around it's in their own cages skeleton. For example as the user cat the /etc/passwd file. You'll see it's just got their own content in it.
 
  • Like
Reactions: i-Strategi

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,237
463
Hello @i-Strategi,

This is standard behavior when accessing an account via SFTP or SSH with jailed shell access enabled due to the nature of how the Linux filesystem works. Note that while you may be able to view some directories outside of /home, account-specific data should be restricted when viewing files or listing directory contents.

Thank you.
 

Jenifer

Registered
Nov 5, 2019
1
0
1
India
cPanel Access Level
Root Administrator
What commands can I run in Jailed SSh < I have a shared Hosting they have given me jailed SSH access
"Node.js Selector is not available. Please, contact your hoster " to resolve this