The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

create new cPanel user not owned by root

Discussion in 'Security' started by jimlongo, Apr 17, 2013.

  1. jimlongo

    jimlongo Well-Known Member

    Joined:
    Mar 20, 2008
    Messages:
    145
    Likes Received:
    2
    Trophy Points:
    18
    I'm trying to create a new cPanel account.
    Whenever i do it's owned by root. This allows shell access outside of the domain.

    How do i create a new account without root access?

    Thanks,
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,481
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    When creating the Package you gave the user, there was a section at bottom of the Package Creation screen with an option for Shell Access. Just because an account is owned by root does not give them shell access.

    WHM » Server Configuration » Tweak Settings, System tab, Default shell jailed [off]
     
  3. jimlongo

    jimlongo Well-Known Member

    Joined:
    Mar 20, 2008
    Messages:
    145
    Likes Received:
    2
    Trophy Points:
    18
    You mean it can't be setup so that they can ssh to their home folder, just like they are restricted with ftp?
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,481
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    I'm not sure I'm following your question properly.
     
  5. jimlongo

    jimlongo Well-Known Member

    Joined:
    Mar 20, 2008
    Messages:
    145
    Likes Received:
    2
    Trophy Points:
    18
    Can't i set it up so that they ssh to their home folder on the server. But they don't have access to anything below that.
     
  6. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,481
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
  7. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    942
    Likes Received:
    57
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    Any account with normal shell access will have read access to "/" and any other world-readible directories like /etc/. This is normal, it's just how linux/unix works. What you want is a shell with chroot, but that's way easier said than done. I don't even think jailshell actually chroots the user, but I could be wrong on that. You'd probably need cloudlinux with CageFS to prevent shell/SFTP accounts from reading above their home directories. Keep in mind just because they can see something doesn't mean they can change anything.
     
Loading...

Share This Page