
Prevent cpanel user to list server root directories and write into /tmp

Discussion in 'Security' started by postcd, Apr 23, 2015.

  1. postcd

    postcd Well-Known Member

    Hello,

    How can a WHM server admin prevent cPanel users from seeing the contents of WHM server directories (like /tmp, /etc, /var) and downloading the files? On a default CentOS WHM install this is possible for files with, I assume, -***-r**** permission, and any cPanel user can also upload his files into the /tmp folder of the server.

    PS: some way without needing to install CloudLinux or mod_ruid2.

    Thank you.
     
  2. quizknows

    quizknows Well-Known Member

    /tmp has to be world-writable for Linux to function. It should always be chmod 1777 on a CentOS/Red Hat system.

    / and other directories also have to be world-readable for the server to function.

    It pretty much requires modification of the kernel with things like CloudLinux to change this (so you can use jailed shells properly, etc.). Even chroot for shell access won't stop things like PHP shells, etc. from reading world-readable files. I know it's not the answer you want, but that's just kinda how it is. It's nothing "new" to be honest, just Linux working as intended.
     
  3. postcd

    postcd Well-Known Member

    Thx, here is the opinion of another person regarding this:
    I tried OWASP but I had to disable numerous rules, and still I was discovering some of the content management systems' functions not working properly, so I'm unsure how to use it so that it does not cause any trouble to hosted websites.

    Now I'm looking for a way to make sure there are no sensitive files on the filesystem with read access for the cPanel users. A cPanel-user-writable /tmp looks to me like quite a serious issue.
     
  4. quizknows

    quizknows Well-Known Member

    Users writing to /tmp is not a serious issue; it's how Linux works.
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Yes, this is standard due to the nature of how the filesystem works on Linux. Note that while you may be able to view some directories outside of /home, all account-specific data should be restricted.

    Thank you.
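
The checks discussed in this thread, as an added example that is not part of any poster's reply: a POSIX shell audit that confirms /tmp is mode 1777 (world-writable with the sticky bit), lists world-writable directories that lack the sticky bit, and lists world-readable files whose names suggest secrets. The function names, the `--audit` flag and the filename patterns are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: audit what an unprivileged (cPanel) user can read or tamper with.
# Uses only POSIX find options; run as root so every directory can be traversed.

# Succeeds only if DIR is a directory with mode exactly 1777: world-writable
# plus the sticky bit, so users cannot delete or rename each other's files.
tmp_mode_ok() {
    [ -n "$(find "$1" -prune -type d -perm 1777 2>/dev/null)" ]
}

# World-writable directories WITHOUT the sticky bit. In these, any user can
# remove or replace files owned by other users.
unsafe_writable_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null | sort
}

# Regular files readable by "other" whose names suggest secrets.
# The name patterns are illustrative assumptions; extend them for your server.
world_readable_secrets() {
    find "$1" -xdev -type f -perm -0004 \
        \( -name '*.key' -o -name 'shadow*' -o -name 'gshadow*' \
           -o -name '.my.cnf' -o -name 'id_rsa' \) 2>/dev/null | sort
}

# Full audit of the live system (-xdev keeps each scan on one filesystem).
audit_server() {
    tmp_mode_ok /tmp || echo "WARNING: /tmp is not mode 1777"
    unsafe_writable_dirs /
    for d in /etc /var /root /usr/local; do
        world_readable_secrets "$d"
    done
}

# Hypothetical flag: only scan the real system when explicitly asked to.
if [ "${1:-}" = "--audit" ]; then
    audit_server
fi
```

Any path printed by `world_readable_secrets` can be tightened with `chmod o-r`, and any directory printed by `unsafe_writable_dirs` with `chmod +t` or `chmod o-w`, depending on whether it really needs to be shared.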
     