The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Shell access for reseller customers.

Discussion in 'General Discussion' started by ivaninch, Feb 17, 2002.

  1. ivaninch

    ivaninch Member

    Joined:
    Feb 17, 2002
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    Is there a way I can stop resellers giving shell access to their customers in WHM?

    Thanks
    Ivaninch
     
  2. alchiba

    alchiba Member

    Joined:
    Aug 19, 2001
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    I've been wondering as well. I filed a related bug report earlier and added a request that this feature be added.
     
  3. ivaninch

    ivaninch Member

    Joined:
    Feb 17, 2002
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    answer

    I have recieved this response from a forum i posted to as well.

    change the shell for the user to:

    /usr/local/cpanel/bin/noshell


    regards
    Ivaninch
    could be my age
     
  4. teck

    teck Well-Known Member

    Joined:
    Aug 10, 2001
    Messages:
    164
    Likes Received:
    0
    Trophy Points:
    16
    Only users with root can do that so if you're a reseller for a host, you probably don't have the ability to do that so you're going to have to ask the host to do it for you.
     
  5. ivaninch

    ivaninch Member

    Joined:
    Feb 17, 2002
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    Thanks

    Thankyou teck.
    If i do use /usr/local/cpanel/bin/noshell
    will this stop my reseller having shell access as well as not being able to giving SSH to his customers.
    I would prefer that my resellers have shell access but not have the optiom to giver access to his customers.
     
  6. teck

    teck Well-Known Member

    Joined:
    Aug 10, 2001
    Messages:
    164
    Likes Received:
    0
    Trophy Points:
    16
    Unfortunately, if your created packages have shell access enabled, the reseller's customers will get it. Everytime a reseller creates an account, you get emailed about it. When this happens, I'd suggest you go in and modify that customer's shell to the path above. It's a pain but it just takes 1 minute.
     
  7. gorgo

    gorgo Well-Known Member

    Joined:
    Jan 9, 2002
    Messages:
    148
    Likes Received:
    0
    Trophy Points:
    16
    I don't see it as being a bad thing that customers have access to SSH/Telnet... in all honesty, if your running a secure version of Linux then they can't cause much trouble, other then trashing their own acct.

    If your worried that a customer will start activating programs and suck up system resources, write a small perl script to kill the process's that use more then ***% of the customer resources...

    Thats what I do on my server. anything taking more then 10% system resources gets killed. I check this with a cron tab every 15 minutes
     
  8. teck

    teck Well-Known Member

    Joined:
    Aug 10, 2001
    Messages:
    164
    Likes Received:
    0
    Trophy Points:
    16
    What's that script?

    As for giving shell access.. If one of your clients is on bugtraq or gets new exploits fast, your box can be the next victim of hacks. Just a heads up.
     
  9. purplep

    purplep Well-Known Member

    Joined:
    Feb 6, 2002
    Messages:
    59
    Likes Received:
    0
    Trophy Points:
    6
    Hi,

    How and where do you change the shell for a user to /usr/local/cpanel/bin/noshell ??

    Thanks.
     
  10. teck

    teck Well-Known Member

    Joined:
    Aug 10, 2001
    Messages:
    164
    Likes Received:
    0
    Trophy Points:
    16
    If you want to disable shell access for that user, just edit /etc/passwd and change the shell of the user to:

    /usr/local/cpanel/bin/noshell

    So.. From:

    username:x:101010:111::/home/username:/bin/bash

    To:

    username:x:111111:111::/home/username:/usr/local/cpanel/bin/noshell

    Just ignore the numbers in there. The most important thing is the ending.. /usr/local....
     
  11. AlaskanWolf

    AlaskanWolf Well-Known Member

    Joined:
    Aug 11, 2001
    Messages:
    537
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Fremont CA
    i submitted a bug report to nick to have it as a option in the resellers management area if they can setup accounts with ssh or not...same idea as ip account creation
     
Loading...

Share This Page