Shell access for reseller customers.

ivaninch

Member
Feb 17, 2002
18
0
301
Is there a way I can stop resellers giving shell access to their customers in WHM?

Thanks
Ivaninch
 

alchiba

Member
Aug 19, 2001
17
0
301
I've been wondering as well. I filed a related bug report earlier and added a request that this feature be added.
 

ivaninch

Member
Feb 17, 2002
18
0
301
answer

I have recieved this response from a forum i posted to as well.

change the shell for the user to:

/usr/local/cpanel/bin/noshell


regards
Ivaninch
could be my age
 

teck

Well-Known Member
Aug 10, 2001
164
0
316
Only users with root can do that so if you're a reseller for a host, you probably don't have the ability to do that so you're going to have to ask the host to do it for you.
 

ivaninch

Member
Feb 17, 2002
18
0
301
Thanks

Thankyou teck.
If i do use /usr/local/cpanel/bin/noshell
will this stop my reseller having shell access as well as not being able to giving SSH to his customers.
I would prefer that my resellers have shell access but not have the optiom to giver access to his customers.
 

teck

Well-Known Member
Aug 10, 2001
164
0
316
Unfortunately, if your created packages have shell access enabled, the reseller's customers will get it. Everytime a reseller creates an account, you get emailed about it. When this happens, I'd suggest you go in and modify that customer's shell to the path above. It's a pain but it just takes 1 minute.
 

gorgo

Well-Known Member
Jan 9, 2002
148
0
316
I don't see it as being a bad thing that customers have access to SSH/Telnet... in all honesty, if your running a secure version of Linux then they can't cause much trouble, other then trashing their own acct.

If your worried that a customer will start activating programs and suck up system resources, write a small perl script to kill the process's that use more then ***% of the customer resources...

Thats what I do on my server. anything taking more then 10% system resources gets killed. I check this with a cron tab every 15 minutes
 

teck

Well-Known Member
Aug 10, 2001
164
0
316
What's that script?

As for giving shell access.. If one of your clients is on bugtraq or gets new exploits fast, your box can be the next victim of hacks. Just a heads up.
 

purplep

Well-Known Member
Feb 6, 2002
59
0
306
Hi,

How and where do you change the shell for a user to /usr/local/cpanel/bin/noshell ??

Thanks.
 

teck

Well-Known Member
Aug 10, 2001
164
0
316
If you want to disable shell access for that user, just edit /etc/passwd and change the shell of the user to:

/usr/local/cpanel/bin/noshell

So.. From:

username:x:101010:111::/home/username:/bin/bash

To:

username:x:111111:111::/home/username:/usr/local/cpanel/bin/noshell

Just ignore the numbers in there. The most important thing is the ending.. /usr/local....
 

AlaskanWolf

Well-Known Member
Aug 11, 2001
537
0
316
Fremont CA
i submitted a bug report to nick to have it as a option in the resellers management area if they can setup accounts with ssh or not...same idea as ip account creation