HOLD UP... NO CHROOT in Cpanel? WTF?

[rnh]

Am I just missing something or is Cpanel running websites on servers in a NON Chroot environment?

I just installed Cpanel yesterday on a new server switching over from Ensim because I wanted something more secure since Ensim is so slow to update patches, but if Cpanel is running virtual hosting where the users have access to browse through each other's files and the other files on the server then that is just ridiculous.

Are there hosts out there actually running virtual hosting that's not a chroot environment?

 

[Nico]

You might look into enabling Jail Shell from WHM. That is supposed to prevent that.

 

[rnh]

ok thanks, I haven't had too much time to look around through this yet as I've only had Cpanel for a day.

I'm not hosting people but I am sharing my server with a few people to reduce costs but I don't trust them enough to let them run on the same server without Chroot.

I haven't seen enable Jail shell in WHM yet... any clues on where it's at in there? =) I'll keep looking and reading though, thanks.

I was about to start setting up chroot and jails myself manually but it seems like Cpanel doesn't like you making changes without it from shell.

 

[Nico]

Check in "Account Functions" and it's the 3rd one from the bottom in the Xskin theme anyway

 

[Marty]

In WHM, look for a link called "Manage Shell Access" or something similar. You can enable shell, disable shell, or enable jail shell on a per account basis from there.

 

[rnh]

Hmm, I forgot to mention I'm running FreeBSD (4.7)...

WHM 6.0.0
Cpanel 6.0.0-S113

Just installed the night before last with the latest version available for FreeBSD

All that I have under manage shell access is enable/disable...

FTP is jailed, however SSH is not.

I like to connect to FTP via SSH so that usernames and passwords are encrypted, I don't like making the people I share the server with login via plain text FTP, but I guess that they'll have to until the FreeBSD version supports Jail Shell.

 

[rnh]

dangit. I switched to Cpanel because it was supposed to be more secure than Ensim because Ensim takes way too frigging long to update and then I had to go and choose FreeBSD over Linux because Linux had so many vulnerabilities last year and Cpanel ends up being several weeks behind on their FreeBSD version.

Great

 

[SageBrian]

But we're weeks AHEAD on mySQL and email issues.

Hmmm, so Ensim doesn't update every other day? Maybe they try to make sure things are stable?

 

[Radio_Head]

http://forums.cpanel.net/showthread.php?s=&threadid=9026

 

[rnh]

Originally posted by SageBrian
Hmmm, so Ensim doesn't update every other day? Maybe they try to make sure things are stable?

yeah but I'd like a happy medium between "living life on the edge" (aka reporting bugs on a daily basis) and "I've been running my server for 6 months with widely known vulnerabilities installed with no option for patching them while I wait for some overpaid programmer to get done playing Everquest and spend 5 minutes renaming an RPM file from sendmail.x-x-x.3.whatever.rpm to sendmail.x-x-x.3.whatever.rpmEnsim8 so that it's compatible with the hacked Ensim RPMs on my system"

It's so ridiculous... Ensim only has to take the work of some open source programmers and "apply their changes" whatever that happens to be, and we have to wait forever for their patches to come out before it's safe to upgrade.

The problem with Cpanel is that they're spreading themselves too thin.

Sure, Cpanel has a lot of features, but what good are features when NONE of them even work?

I'd take unstable over insecure, but I'd like to be able to turn some of these features of Cpanel off as it's just too confusing and overwhelming for the end user. Nothing even works and they don't need all that crap.

 

[rnh]

again, what does this have to do with you?