Shell access for reseller customers.

[ivaninch]

Is there a way I can stop resellers giving shell access to their customers in WHM?

Thanks
Ivaninch

 

[alchiba]

I've been wondering as well. I filed a related bug report earlier and added a request that this feature be added.

 

[ivaninch]

answer

I have recieved this response from a forum i posted to as well.

change the shell for the user to:

/usr/local/cpanel/bin/noshell


regards
Ivaninch
could be my age

 

[teck]

Only users with root can do that so if you're a reseller for a host, you probably don't have the ability to do that so you're going to have to ask the host to do it for you.

 

[ivaninch]

Thanks

Thankyou teck.
If i do use /usr/local/cpanel/bin/noshell
will this stop my reseller having shell access as well as not being able to giving SSH to his customers.
I would prefer that my resellers have shell access but not have the optiom to giver access to his customers.

 

[teck]

Unfortunately, if your created packages have shell access enabled, the reseller's customers will get it. Everytime a reseller creates an account, you get emailed about it. When this happens, I'd suggest you go in and modify that customer's shell to the path above. It's a pain but it just takes 1 minute.

 

[gorgo]

I don't see it as being a bad thing that customers have access to SSH/Telnet... in all honesty, if your running a secure version of Linux then they can't cause much trouble, other then trashing their own acct.

If your worried that a customer will start activating programs and suck up system resources, write a small perl script to kill the process's that use more then ***% of the customer resources...

Thats what I do on my server. anything taking more then 10% system resources gets killed. I check this with a cron tab every 15 minutes

 

[teck]

What's that script?

As for giving shell access.. If one of your clients is on bugtraq or gets new exploits fast, your box can be the next victim of hacks. Just a heads up.

 

[purplep]

Hi,

How and where do you change the shell for a user to /usr/local/cpanel/bin/noshell ??

Thanks.

 

[teck]

If you want to disable shell access for that user, just edit /etc/passwd and change the shell of the user to:

/usr/local/cpanel/bin/noshell

So.. From:

username:x:101010:111::/home/username:/bin/bash

To:

username:x:111111:111::/home/username:/usr/local/cpanel/bin/noshell

Just ignore the numbers in there. The most important thing is the ending.. /usr/local....

 

[AlaskanWolf]

i submitted a bug report to nick to have it as a option in the resellers management area if they can setup accounts with ssh or not...same idea as ip account creation