
Shell Access Restrictions

Discussion in 'General Discussion' started by Host4u2, May 8, 2003.

  1. Host4u2

    Is there any way we can assign shell access to a Reseller, limiting him to his own resold accounts, without also granting the end-user (resold clients) shell access to their accounts?
     
  2. cyberise

    In the Reseller Center when you are editing the preferences for the reselling account you can select:

    Never allow creation of accounts with shell access
     
  3. moronhead

    Nice idea! That would certainly be a great leap forward...
     
  4. SoftmegUK

    One step for an idea, one giant leap in the dark for cPanel :p
     
  5. Host4u2

    That would not allow the reseller shell access to his resold accounts. You missed the idea :)
     
  6. SoftmegUK

    It's a great idea, have you submitted a support request suggesting the feature be added?
     
  7. perlchild

    intriguing idea

    Interesting idea, would it make sense then to change the filesystem layout to have

    /home/reseller/user
    instead of
    /home/user

    and chroot jail resellers to /home/reseller
    that way they can only access their stuff?
    (of course, change ownership of account becomes a lot more complicated then...)
     
  8. SoftmegUK

    No, because having it so it was /home/reseller/ would make it seem more unprofessional for the reseller's clients.
     
  9. perlchild

    They wouldn't be able to know, in a properly chrooted setup, they would only see / which is equivalent to /home/reseller/user

    but I guess that would require a much tighter chroot apache than most people expect (eventually a separate apache for each reseller, and maybe even tweaks on the exim side)
    I withdraw my suggestion, on the amount of work it would entail
    (And NO, having the cgis point to /home/reseller/user IS a weakness of the chroot process, as cgis, php, ftp daemon, all should present the SAME image of the system, anything else is just unprofessional)
     
  10. Miss Jacky

    Hmmz I was thinking about this today, is there already a solution for this?
     
  11. Host4u2

    I require a client to mail or fax legal picture ID such as Driver's License, Government ID, or passport to me before granting any shell access. I have all my resellers' config to read "Do not allow accounts with shell access". However, if I manually (via WHM/Account Functions/Manage Shell Access) allow a reseller ssh, he/she can also access (ONLY) his/her clients' accounts using "cd /home/userID", while his clients do NOT have access (by default). This has worked well.
     
  12. Miss Jacky

    Thanks for your reply.

    Interesting and strange, because when I log in as a reseller via shell, I can only access the reseller account itself, no other owned accounts. I can do cd /home/resellerclient, but then all I get is 'Permission denied'.

    Could you verify once more the shell behaviour you describe and/or tell me what OS/cpanel version you run?

    Giving shell access to trusted resellers who can then do shell stuff for their no-shell clients would be very nice.
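
An added example, not part of any post in this thread: a small audit of the policy discussed above (a manually approved reseller may hold a shell, resold accounts may not). It assumes standard passwd-format input and an owner map built from the `OWNER=` line of each `/var/cpanel/users/<user>` file; the account names, the sample data and the `approved` set are constructed for illustration.

```python
# Added example: list accounts that hold a login shell without being approved.
# Shell paths treated as "no login" (assumed list; adjust to the server).
NO_LOGIN = {"/usr/local/cpanel/bin/noshell", "/sbin/nologin",
            "/usr/sbin/nologin", "/bin/false"}

# Constructed sample data, not taken from a real server.
SAMPLE_PASSWD = """\
resell1:x:501:501::/home/resell1:/bin/bash
clienta:x:502:502::/home/clienta:/usr/local/cpanel/bin/noshell
clientb:x:503:503::/home/clientb:/usr/local/cpanel/bin/jailshell
clientc:x:504:504::/home/clientc:
broken-line-without-fields
"""
SAMPLE_OWNERS = {"resell1": "resell1", "clienta": "resell1",
                 "clientb": "resell1", "clientc": "resell1"}

def parse_passwd(text):
    """Return {user: shell} from passwd-format text, skipping malformed lines."""
    shells = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 7 and not line.startswith("#"):
            shells[fields[0]] = fields[6]
    return shells

def read_owner(user_file_text):
    """Extract the OWNER= value from the text of a /var/cpanel/users/<user> file."""
    for line in user_file_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "OWNER":
            return value.strip()
    return None

def audit(shells, owners, approved):
    """Return sorted (user, owner, shell) for unapproved accounts with a login shell."""
    findings = []
    for user, owner in owners.items():
        shell = shells.get(user)
        if shell is None or shell in NO_LOGIN:
            continue
        # An empty shell field means the system default shell, so it counts as a login.
        if user not in approved:
            findings.append((user, owner, shell or "(default shell)"))
    return sorted(findings)

if __name__ == "__main__":
    for user, owner, shell in audit(parse_passwd(SAMPLE_PASSWD), SAMPLE_OWNERS, {"resell1"}):
        print(f"{user} (owner {owner}) has shell {shell}")
```

On a real server the passwd text would come from `/etc/passwd` and the owner map from calling `read_owner` on each account's user file.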
     