The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Jailshell Possible Problem?

Discussion in 'General Discussion' started by internethosting, Jan 2, 2004.

  1. internethosting

    internethosting Well-Known Member

    Joined:
    Aug 18, 2003
    Messages:
    68
    Likes Received:
    0
    Trophy Points:
    6
    Hello,

    Maybe I can get some feedback on an issue I have been monitoring for the past few weeks. I loved the new "Manage Shell" feature that I found in WHM, but I am confused. The first time I looked in "Manage Shell", I noticed some of my users were set for JAILSHELL, and others were set for /bin/bash ... I didn't think much of it. I "JAILED" all my users, and was done with it.

    Heres the problem; every few days I go in and look, and I find that some of my users are randomly set back to /bin/bash instead of JAILED. Could this be getting screwed up when a reseller 'upgrades/downgrades' an account.?

    PS> In 'tweaks' I do have the option set to jail new users.

    How can I make sure they stay JAILED. ?

    If I'm missing something, I'm sorry. I have spent a lot of time trying to figure this out, but this is the same issue on all our servers (all running different cpanel versions).

    Thanks
    Tim -
     
  2. internethosting

    internethosting Well-Known Member

    Joined:
    Aug 18, 2003
    Messages:
    68
    Likes Received:
    0
    Trophy Points:
    6
    One more things.

    Dear CPanel Gods,

    If I could only wish for one feature. Can you add a button in "Manage Shell" to DISABLE ALL SHELLs?
    I see that you have "JAIL ALL USERS", but I sometimes would like to Disable All, then turn on only a select few.

    Thanks much,
    Tim
     
  3. internethosting

    internethosting Well-Known Member

    Joined:
    Aug 18, 2003
    Messages:
    68
    Likes Received:
    0
    Trophy Points:
    6
    Am I really the only person with this problem?
     
  4. jphilipson

    jphilipson Well-Known Member

    Joined:
    Jan 8, 2003
    Messages:
    80
    Likes Received:
    0
    Trophy Points:
    6
    Disable all shells would be a nice feature lol..
     
  5. jsteel

    jsteel Well-Known Member

    Joined:
    Jul 4, 2002
    Messages:
    646
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Atlanta, GA

    You are not alone. Even if you have the tweak setting for "Use jailshell as the default shell for all new accounts (linux 2.4 or later only)" enabled, whenever an account gets modified (via reseller or from master WHM), the damn thing sets the user to /bin/bash if they were configured for shell access at all.

    I've been meaning to open a ticket on this for awhile now. I'll get to it tomorrow.

    I wish the system would just look to see exactly what shell was being used and then set it back to that (as we do intermix them for various accounts). I think WHM is currently just scanning the /etc/passwd file for noshell and if it doesn't see that for the user and defaults it to /bin/bash automatically (royal pain).
     
  6. internethosting

    internethosting Well-Known Member

    Joined:
    Aug 18, 2003
    Messages:
    68
    Likes Received:
    0
    Trophy Points:
    6
    I'll open a ticket as well. This is a royal pain, but!.. it can also be a huge secuity problem.
    I don't even want my resellers having full shell, much less giving them the ability to give their friends, etc. full shell.

    I know the cpanel programmers are busy with a lot of different issues, but this needs to be added to the list of security issues.

    Thanks for coming forward, I thought maybe I was the only one seeing this.

    Who knows, Cpanel staff might not even know about this issue.

    Thanks again,
    Tim
     
  7. cyon

    cyon Well-Known Member
    PartnerNOC

    Joined:
    Jan 15, 2003
    Messages:
    320
    Likes Received:
    0
    Trophy Points:
    16
    yah, that would be a nice feature.
     
Loading...

Share This Page