jailed shell access - how does it differ from normal shell?

Discussion in 'General Discussion' started by spaceman, Aug 4, 2004.

  1. spaceman

    spaceman Well-Known Member

    Mar 25, 2002
    Hi All,

    Please can someone define the difference between jailed shell access and normal shell access? Educated guess is that jailed shell access is more restrictive/secure than normal, but I'd like to have the differences spelled out to me for future reference. WHM documentation was about as useful on the subject as a chocolate fire guard. :)
  2. chirpy

    chirpy Well-Known Member

    Jun 15, 2002
    Go on, have a guess
    That's about it in a nutshell. The purpose of a jailed shell environment is to offer a shell user a limited and restrictive environment within which they can perform whatever functions they want. The idea being that they can only do so much damage if they are restricted to the binaries and libraries provided ;)

    A normal shell environment gives a user full access to whatever the file system and server environment will allow for the user. It can expose your server to greater vulnerability because most binaries and libraries are available to user accounts.

    Here are my suggestions:

    1. Don't feel a false sense of security by disabling all shell accounts or by using jailed shell accounts. They do slow nefarious people down, but they aren't a panacea and breaking out of them can be trivial. You're also probably offering greater access through CGI access anyway.

    2. Just see it as one layer in a whole raft of security measures.

    3. Treat them (jailed shells) as a way to prevent users doing any more accidental damage than they might with a full shell account.

    Most hosts these days either don't give shell access of any kind, or do so only on request for short periods of time, which they monitor. But do consider my point about CGI access being just as risky anyway.