The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Jail SSH?

Discussion in 'General Discussion' started by BWS, Nov 25, 2003.

  1. BWS

    BWS Active Member

    Joined:
    Nov 20, 2003
    Messages:
    42
    Likes Received:
    0
    Trophy Points:
    6
    I've enebaled JailShell in WHM, however you can still cd out of /home/username ...

    Is that normal? And if it is, is there anyway to make it more secure?
     
  2. trparky

    trparky Well-Known Member

    Joined:
    Apr 23, 2003
    Messages:
    184
    Likes Received:
    1
    Trophy Points:
    0
    Yes, you still can CD out of your user folder, but you only have access to your user folder in /home.
     
  3. BWS

    BWS Active Member

    Joined:
    Nov 20, 2003
    Messages:
    42
    Likes Received:
    0
    Trophy Points:
    6
    I'd rather they didn't have access to anything other than /home/username - is this possible?
     
  4. jsteel

    jsteel Well-Known Member

    Joined:
    Jul 4, 2002
    Messages:
    646
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Atlanta, GA
    Not if you want them to be able to do anything besides log in and just sit there. They're going to need access to things like /usr/bin (and a few others) just for basic shell functionality. If you don't want them to have that, don't give them shell access.
     
  5. BWS

    BWS Active Member

    Joined:
    Nov 20, 2003
    Messages:
    42
    Likes Received:
    0
    Trophy Points:
    6
    OK, so I want them to be able to edit and move around files, cron etc. but would rather they couldn't fish down into the configuration files!
     
  6. elleryjh

    elleryjh Well-Known Member

    Joined:
    Apr 12, 2003
    Messages:
    479
    Likes Received:
    0
    Trophy Points:
    16
    There's really not much they can do with a jailshell. They can actually do more with perl.
     
  7. BWS

    BWS Active Member

    Joined:
    Nov 20, 2003
    Messages:
    42
    Likes Received:
    0
    Trophy Points:
    6
    OK - So any advice on really securing this?

    Jail Shell as far as I can see only stops users looking into other users home directories. Is there any way to stop them poking around deeper in the server?
     
  8. elleryjh

    elleryjh Well-Known Member

    Joined:
    Apr 12, 2003
    Messages:
    479
    Likes Received:
    0
    Trophy Points:
    16
    I think it's more secure than you think. It provides access to some files, but only those necessary for them to use the shell and see their own configuration.
     
  9. macmeister

    macmeister Member

    Joined:
    Nov 21, 2003
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Jail is an excellent concept when it works

    I'd been using SSH for some time and recently switched to jailshell, but now SCP and other things are broken.

    Test it for yourself and you'll see. Is anyone at CPanel working on this one?

    Reproduce related problem here:
    See that this standard command works right now:
    /bin/ls -la | /usr/bin/uuencode f-o_++_o-f

    1. From window one, SSH in with:
    ssh -l user www.domain.com

    2. From your local machine in another terminal do an upload with:
    scp -p test.txt user@www.domain.com:/home/user

    3. Go back to window one and again try:
    /bin/ls -la | /usr/bin/uuencode f-o_++_o-f
    (it worked before the upload)
    ===========
    This is just a symptom of it all? None of my GUI SSH tools work anymore because of this small issue, but I think is related to a deeper issue. Please put this on the list as well as any other issues related to jailssh.

    If there is another command that I could issue after the connection is made to fix it for now, please let me know a workaround.
     
Loading...

Share This Page