The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Prevent SSH users from accessing "Top" and other commands

Discussion in 'General Discussion' started by Boboss, Mar 30, 2007.

  1. Boboss

    Boboss Active Member

    Joined:
    May 26, 2003
    Messages:
    28
    Likes Received:
    0
    Trophy Points:
    1
    Can someone indicate how to ensure that users do not get access to commands such as "top", "ps", etc.?

    Thanks.
     
  2. AlexandreVeezon

    AlexandreVeezon Well-Known Member

    Joined:
    Dec 9, 2005
    Messages:
    99
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    /br/sc/rionegrinho
    cPanel Access Level:
    Root Administrator
    I wish to know this too.
    And how can we block the listing of directories like / /etc /var
     
  3. jayh38

    jayh38 Well-Known Member

    Joined:
    Mar 3, 2006
    Messages:
    1,215
    Likes Received:
    0
    Trophy Points:
    36
    The best and easiest way, don't give ssh jailshell.

    I never do on any server. There is enough power via cpanel, cse script, ftp scripts etc.
    Everything a user needs can be done through a gui.

    just my opinion. And if a user demands it, then they can also deman another
    provider because thats something I definitely will not provide.

    good luck
     
  4. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    I don't recommend giving any kind of shell access to any user ....

    However to answer your question, you can set owner "root:root"
    and permissions "700" on any program you want accessible
    by root only.

    While I don't see a problem with things such as 'ps' and 'top'
    doing this, you should be advised that restricting some commands
    could feasible break scripts that depend on those commands.
     
  5. kevinm

    kevinm Member

    Joined:
    Feb 22, 2006
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    Another way to achieve this without having to go setting permissions about the fil system in a draconian way is to install a role based access control (RBAC) , the grsec kernel patches has a good rbac included in them . ( http://www.grsecurity.net/ ) It needs a kernel recompile , however once you have the least privilege policies created, then you can move this policy to any server with a few copy operations .
     
Loading...

Share This Page