The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

keeping users in their home directory

Discussion in 'General Discussion' started by webJ, Jul 15, 2003.

  1. webJ

    webJ Active Member

    Joined:
    Apr 9, 2003
    Messages:
    25
    Likes Received:
    0
    Trophy Points:
    1
    I've noticed that even a jailed user can cd .. and thus browse via ssh outside of his/her home directory. Is there any way to disable this without breaking cpanel? It seems to me that for all users to be able to browse thru the whole server is kind of an unnecessary security risk.

    cPanel.net Support Ticket Number:

    cPanel.net Support Ticket Number:
     
  2. Stefaans

    Stefaans Well-Known Member

    Joined:
    Mar 5, 2002
    Messages:
    451
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    Vancouver, Canada
    I think the directories you see are virtual directories created for the sake of the bindshell session. The user not seeing the real stuff!

    cPanel.net Support Ticket Number:
     
  3. webJ

    webJ Active Member

    Joined:
    Apr 9, 2003
    Messages:
    25
    Likes Received:
    0
    Trophy Points:
    1
    Not true.

    cPanel.net Support Ticket Number:
     
  4. vis

    vis Member

    Joined:
    Feb 16, 2002
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    There is no way to jail users to their home directories and still have a shell be usefull. If you only allow users to access /home/user they won't be able to run any programs making shell access useless.

    If you look around the jailed shell more closely you would realise that users can't see

    full /etc/passwd
    /var/named
    /home/otherusers

    and tons more

    not being able to see other user's files or even their user names is the point of the jail.

    a jailed user should be dropped into / when they login. then they have to cd to /home/username. if this isn't the case maybe your jailshell isn't working properly at all

    Look closer.

    cPanel.net Support Ticket Number:
     
  5. webJ

    webJ Active Member

    Joined:
    Apr 9, 2003
    Messages:
    25
    Likes Received:
    0
    Trophy Points:
    1
    Thank You

    cPanel.net Support Ticket Number:
     
  6. NiteStalker22

    NiteStalker22 Active Member

    Joined:
    May 13, 2002
    Messages:
    29
    Likes Received:
    0
    Trophy Points:
    1
    I seriously don't condone using jailshell ..it's about the most dangerous thing to do on the system ...seeing as someone had to go and hard-link the directories in /home/virtfs to / .....VERY FRIGGIN' SMART!!!!! :rolleyes:

    cPanel.net Support Ticket Number:
     
  7. imagic

    imagic Well-Known Member

    Joined:
    Jan 16, 2003
    Messages:
    156
    Likes Received:
    0
    Trophy Points:
    16
    I'm not sure I understand what you mean. Are you saying that jailshell gives users MORE access to the server files than not using jailshell?

    cPanel.net Support Ticket Number:
     
  8. tekgear

    tekgear Member

    Joined:
    Apr 23, 2003
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    jailshell is excellent. previously we never provided clients access to our servers via ssh but now we can know that they cannot corrupt the system.

    we have tested this with some of our clients who are quite good with working with shell and they have not found a way to see others sensitive files or damage the system YET.

    if anyone else has had security problems please let me now. by the way users have to contact us with a valid reason to access ssh and we only provide it for a limited time.

    cPanel.net Support Ticket Number:
     
  9. casey

    casey Well-Known Member

    Joined:
    Jan 17, 2003
    Messages:
    2,303
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    If there is trouble, it will find me
    The only thing that I have seen is that jailed users can still go into /var/log. If any clients have ssl certs, they are listed in there. No usernames, though.

    cPanel.net Support Ticket Number:
     
Loading...

Share This Page