The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

how to disable shell?

Discussion in 'Security' started by tiff2342, Nov 23, 2012.

  1. tiff2342

    tiff2342 Well-Known Member

    Joined:
    Apr 20, 2012
    Messages:
    140
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    is there a way to disable shell access on cpanel account by chmod'ing the binary? would this cause any problems?
     
  2. d'argo

    d'argo Active Member

    Joined:
    Jul 4, 2012
    Messages:
    36
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    what kind of shell? bash? or php shell?
     
  3. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,468
    Likes Received:
    196
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    You should have tools for this here: WHM » Account Functions » Manage Shell Access
     
  4. RandallJ

    RandallJ Member

    Joined:
    Nov 13, 2012
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    two places need this fix..

    Inside cpanel and php.ini

    The php.ini needs several fixes IMHO

    While not an expert at this.. here is where I would start. Users needing other permissions might use .htaccess or a personal php.ini file (am sure that stuff is here on this site somewhere)

    Code:
    disable_functions =exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source
    In ten years of hosting.. the shell scripts have only ever been a problem.. Users leaving folders at 777 is a disaster for many..

    if a users needs shell access, give them jail_shell from inside WHM and NEVER full shell access. Disable shell for everyone else.. (jail shell is needed for SFTP and I suggest using it myself)
     
    #4 RandallJ, Nov 26, 2012
    Last edited: Nov 26, 2012
  5. tiff2342

    tiff2342 Well-Known Member

    Joined:
    Apr 20, 2012
    Messages:
    140
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    i meant like being able to access #!/bin/sh and laucnhing bash scripts
     
  6. RandallJ

    RandallJ Member

    Joined:
    Nov 13, 2012
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    That is the reason for the php.ini changes.. shell scripts are the problem, not shell access by legit users (if I am understanding your question that is) While not account specific you can then go back and turn it "on" for specific users in cpanel

    Also and not to be a fanboy for any one company or guy but Chirpy (configserver) has cxs exploit scanner that when combined with mod_security does a very good job of weeding out these nasty little scripts.

    While I watch every dime spent on servers, I really would not sleep well at night without these two helpers..
     
  7. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,468
    Likes Received:
    196
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
Loading...

Share This Page