jailed shell access - how does it differ from normal shell?

[spaceman]

Hi All,

Please can someone define the difference between jailed shell access and normal shell access? Educated guess is that jailed shell access is more restrictive/secure than normal, but I'd like to have the differences spelled out to me for future reference. WHM documentation was about as useful on the subject as a chocolate fire guard.

 

[chirpy]

That's about it in a nutshell. The purpose of a jailed shell environment is to offer a shell user a limited and restrictive environment within which they can perform whatever functions they want. The idea being that they can only do so much damage if they are restricted to the binaries and libraries provided

A normal shell environment gives a user full access to whatever the file system and server environment will allow for the user. It can expose your server to greater vulnerability because most binaries and libraries are available to user accounts.

Here's my suggestions:

1. Don't feel a false sense of security by disabling all shell accounts or by using jailed shell accounts. They do slow nefarious people down, but they aren't a panacea and breaking out of them can be trivial. You're also probably offering greater access through CGI access anyway.

2. Just see it is one layer in a while raft of security measures.

3. Treat them (jailed shells) as a way to prevent users doing any more accidental damage than they might with a full shell account.

Most hosts these days either don't give shell access of any kind, or do so only on request for short periods of time, which they monitor. But do consider my point about CGI access being just as risky anyway.