crack or bug

on one box we have reseller which DOES NOT have shell access, we usually dont give shell access to any body

he resells predefined packages which they dont have shell access either.

we found out he had setup an account recently trough his control panel and packages, which has shell access.

well, there is only one 0 UID in passwd and ps is fine no sign for any crack or hack,

Then i found out there are two other users that they have shell access too, they are created with root user,

seems like some thing going on there...

also it would be nice to have an option in modify account ( WHM ) to grant shell access or disable it.

any idea on the problem?

Thanks,

 

well,

thank you for reply

actually that is not the problem, you can grant access or get shell access from a user manually from shell.

problem is security issue, how thoes accounts have shell access while they are on no shell access package.

 

Saeed,
I have them all

Nobody has shell access at all... getting scary...

 

well,
we are sure it is a bug, but what kind we dont know yet
might be bee or fly or something like that

hopefully it is not benbug (new bug created by benladen)
hehe

ok, seriously, there is no answer yet, no guess for crack, we checked many things like possible changes in ps command or other monitoring parts.
those accounts have never loged in to shell.
It is a bug somewhere...