The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

HOLD UP... NO CHROOT in Cpanel? WTF?

Discussion in 'General Discussion' started by rnh, Apr 17, 2003.

  1. rnh

    rnh Well-Known Member

    Joined:
    Apr 15, 2003
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    16
    Am I just missing something or is Cpanel running websites on servers in a NON Chroot environment?

    I just installed Cpanel yesterday on a new server switching over from Ensim because I wanted something more secure since Ensim is so slow to update patches, but if Cpanel is running virtual hosting where the users have access to browse through each other's files and the other files on the server then that is just ridiculous.

    Are there hosts out there actually running virtual hosting that's not a chroot environment?
     
  2. Nico

    Nico Well-Known Member

    Joined:
    Dec 5, 2001
    Messages:
    233
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Edmond, OK
    You might look into enabling Jail Shell from WHM. That is supposed to prevent that.
     
  3. rnh

    rnh Well-Known Member

    Joined:
    Apr 15, 2003
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    16
    ok thanks, I haven't had too much time to look around through this yet as I've only had Cpanel for a day.

    I'm not hosting people but I am sharing my server with a few people to reduce costs but I don't trust them enough to let them run on the same server without Chroot.

    I haven't seen enable Jail shell in WHM yet... any clues on where it's at in there? =) I'll keep looking and reading though, thanks.

    I was about to start setting up chroot and jails myself manually but it seems like Cpanel doesn't like you making changes without it from shell.
     
  4. Nico

    Nico Well-Known Member

    Joined:
    Dec 5, 2001
    Messages:
    233
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Edmond, OK
    Check in "Account Functions" and it's the 3rd one from the bottom in the Xskin theme anyway :)
     
  5. Marty

    Marty Well-Known Member

    Joined:
    Oct 10, 2001
    Messages:
    630
    Likes Received:
    1
    Trophy Points:
    18
    In WHM, look for a link called "Manage Shell Access" or something similar. You can enable shell, disable shell, or enable jail shell on a per account basis from there.
     
  6. rnh

    rnh Well-Known Member

    Joined:
    Apr 15, 2003
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    16
    Hmm, I forgot to mention I'm running FreeBSD (4.7)...

    WHM 6.0.0
    Cpanel 6.0.0-S113

    Just installed the night before last with the latest version available for FreeBSD

    All that I have under manage shell access is enable/disable...

    FTP is jailed, however SSH is not.

    I like to connect to FTP via SSH so that usernames and passwords are encrypted, I don't like making the people I share the server with login via plain text FTP, but I guess that they'll have to until the FreeBSD version supports Jail Shell.
     
  7. rnh

    rnh Well-Known Member

    Joined:
    Apr 15, 2003
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    16
    dangit. I switched to Cpanel because it was supposed to be more secure than Ensim because Ensim takes way too frigging long to update and then I had to go and choose FreeBSD over Linux because Linux had so many vulnerabilities last year and Cpanel ends up being several weeks behind on their FreeBSD version.

    Great :(
     
  8. SageBrian

    SageBrian Well-Known Member

    Joined:
    Jun 1, 2002
    Messages:
    415
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    NY/CT (US)
    cPanel Access Level:
    Root Administrator
    But we're weeks AHEAD on mySQL and email issues. :)

    Hmmm, so Ensim doesn't update every other day? Maybe they try to make sure things are stable? :rolleyes:
     
  9. Radio_Head

    Radio_Head Well-Known Member

    Joined:
    Feb 15, 2002
    Messages:
    2,051
    Likes Received:
    1
    Trophy Points:
    38
  10. rnh

    rnh Well-Known Member

    Joined:
    Apr 15, 2003
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    16
    yeah but I'd like a happy medium between "living life on the edge" (aka reporting bugs on a daily basis) and "I've been running my server for 6 months with widely known vulnerabilities installed with no option for patching them while I wait for some overpaid programmer to get done playing Everquest and spend 5 minutes renaming an RPM file from sendmail.x-x-x.3.whatever.rpm to sendmail.x-x-x.3.whatever.rpmEnsim8 so that it's compatible with the hacked Ensim RPMs on my system"

    It's so ridiculous... Ensim only has to take the work of some open source programmers and "apply their changes" whatever that happens to be, and we have to wait forever for their patches to come out before it's safe to upgrade.

    The problem with Cpanel is that they're spreading themselves too thin.

    Sure, Cpanel has a lot of features, but what good are features when NONE of them even work?

    I'd take unstable over insecure, but I'd like to be able to turn some of these features of Cpanel off as it's just too confusing and overwhelming for the end user. Nothing even works and they don't need all that crap.
     
  11. rnh

    rnh Well-Known Member

    Joined:
    Apr 15, 2003
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    16
    again, what does this have to do with you?
     
Loading...

Share This Page