Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

crack or bug

Discussion in 'General Discussion' started by ehsan, Jun 23, 2002.

  1. ehsan

    ehsan Well-Known Member

    Joined:
    Dec 11, 2001
    Messages:
    185
    Likes Received:
    0
    Trophy Points:
    316
    on one box we have reseller which DOES NOT have shell access, we usually dont give shell access to any body :)

    he resells predefined packages which they dont have shell access either.

    we found out he had setup an account recently trough his control panel and packages, which has shell access.

    well, there is only one 0 UID in passwd and ps is fine no sign for any crack or hack,

    Then i found out there are two other users that they have shell access too, they are created with root user,

    seems like some thing going on there...

    also it would be nice to have an option in modify account ( WHM ) to grant shell access or disable it.

    any idea on the problem?

    Thanks,
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #1 ehsan, Jun 23, 2002
  2. ZachICU

    ZachICU Well-Known Member

    Joined:
    Aug 11, 2001
    Messages:
    130
    Likes Received:
    0
    Trophy Points:
    316
    If you want to disable all shell access, just modify your packages and it will update all accounts with those packages.

    If you want to easily switch between has shell or does not have shell you could create two packages with the same stats EXCEPT one has shell access and one doesnt.

    Then you can turn it off and on. :)

    Hope that helps you
    Zach
     
    #2 ZachICU, Jun 23, 2002
  3. ehsan

    ehsan Well-Known Member

    Joined:
    Dec 11, 2001
    Messages:
    185
    Likes Received:
    0
    Trophy Points:
    316
    well,

    thank you for reply

    actually that is not the problem, you can grant access or get shell access from a user manually from shell.

    problem is security issue, how thoes accounts have shell access while they are on no shell access package.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #3 ehsan, Jun 23, 2002
  4. SHSaeed

    SHSaeed Well-Known Member

    Joined:
    May 9, 2002
    Messages:
    245
    Likes Received:
    0
    Trophy Points:
    316
    Ehsan, in the reseller center, make sure you have these options checked/unchecked..

    [] Allow Creation of Packages with Shell Access
    [] All Features (warning: root access)
    [X] Never allow creation of accounts with shell access
    [] Account Modification (warning: this will allow circumvention of account creation limits, give shell access, dedicated ips, etc)
     
    #4 SHSaeed, Jun 24, 2002
  5. ehsan

    ehsan Well-Known Member

    Joined:
    Dec 11, 2001
    Messages:
    185
    Likes Received:
    0
    Trophy Points:
    316
    Saeed,
    I have them all :)

    Nobody has shell access at all... getting scary...
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #5 ehsan, Jun 24, 2002
  6. rpmws

    rpmws Well-Known Member

    Joined:
    Aug 14, 2001
    Messages:
    1,824
    Likes Received:
    7
    Trophy Points:
    318
    Location:
    back woods of NC, USA
    so did we find out if this was a &crack or bug& or a &crack in a bug& or maybe it is a &bug in a crack& ?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #6 rpmws, Jun 25, 2002
  7. ehsan

    ehsan Well-Known Member

    Joined:
    Dec 11, 2001
    Messages:
    185
    Likes Received:
    0
    Trophy Points:
    316
    well,
    we are sure it is a bug, but what kind we dont know yet
    might be bee or fly or something like that :)

    hopefully it is not benbug (new bug created by benladen)
    hehe

    ok, seriously, there is no answer yet, no guess for crack, we checked many things like possible changes in ps command or other monitoring parts.
    those accounts have never loged in to shell.
    It is a bug somewhere...
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #7 ehsan, Jun 25, 2002
(You must log in or sign up to post here.)

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice