Shell Access Dangerous?

[Omar]

Is there any way to 'limit' what people can do with shell access?

I logged in to one of my own accounts with shell access, and I was able to look in other user's directories and see the other system directories and partitions.

When I had shared hosting, I couldn't even run the TOP command with my shell access. And that host was using WHM/CPanel too.

Anyway to lock-down shell access a bit?

Thanks

- Omar

 

[cass]

Yes... I'm interesed in that too...
I know that the best (or maybe near) way to do this is with chroot ... so chrooting any user in its own celd ...

I needed to do a lot of chmod's to make things not viewable from all to all users... you know...

for example :
/home .............................. drwxr-x--x
/home/someuser ............ drwx--x--x

as you know... someone can &guess& that there is a public_html dir .... so can cd /home/someuser/public_html and then... see all contents on it... BUT... I recomend users to...
/home/someuser/public_html ........ drwxr-xr--

and then ... chgrp the dir to nobody (or the user running apache)
this way noone but the user & apache can read this dir or you'll get a 503 error or somethign from web if you chmod but not chgrp.

Anyway... some guru there can tech us on how to make this the better way ?

Regards.
Carlos Ariel Sepúlveda.