cPanel Terminal allows users to browse the server

[i-Strategi]

Very cool with the new terminal feature in cPanel that allows users to use terminal directly from their cPanel account.

What really makes me worried, is the fact that users can "cd" all the way up to the root of the server and browse "dev" and "etc" folders and so on..

I believe this is a security issue. Users should never be able to browse outside their own home folder.

Am i panicking without a reason, or is there really a security issue here that no one has mentioned yet?

Is there a way to disable directory listing outside the users home folder?

I have CageFS and CloudLinux installed on the server as well. Making me wonder twice how the user was able to browse outside their own home folder.

 

[GOT]

With cagefs when they are browsing around it's in their own cages skeleton. For example as the user cat the /etc/passwd file. You'll see it's just got their own content in it.

 

[i-Strategi]

With cagefs when they are browsing around it's in their own cages skeleton. For example as the user cat the /etc/passwd file. You'll see it's just got their own content in it.

I will definately test that out, by placing a random file in the server root, and see if a user account can see that file.

Thanks for the reply.

 

[cPanelMichael]

Hello @i-Strategi,

This is standard behavior when accessing an account via SFTP or SSH with jailed shell access enabled due to the nature of how the Linux filesystem works. Note that while you may be able to view some directories outside of /home, account-specific data should be restricted when viewing files or listing directory contents.

Thank you.

 

[Jenifer]

What commands can I run in Jailed SSh < I have a shared Hosting they have given me jailed SSH access
"Node.js Selector is not available. Please, contact your hoster " to resolve this