Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Symlink Protection

Discussion in 'EasyApache' started by peter123, Nov 20, 2016.

  1. peter123

    peter123 Member

    Joined:
    Apr 14, 2008
    Messages:
    13
    Likes Received:
    1
    Trophy Points:
    53
    Hi All,

    I have just installed cPanel on a CentOS 7 server, and enabled mod_ruid2 through EA4. I also disabled all shell access for all users. May I know what else I need to do for symlink protection?

    Thanks!
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,478
    Likes Received:
    421
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. peter123

    peter123 Member

    Joined:
    Apr 14, 2008
    Messages:
    13
    Likes Received:
    1
    Trophy Points:
    53
    Thanks for your reply!
    For the filesystem-level solution, can I use "mod_ruid2 + noshell" instead of "mod_ruid2 + jailshell"? My customers do not need shell access so I prefer to disable it if disabling it give same level of protection.
     
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,803
    Likes Received:
    1,898
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    You may also find this document helpful:

    Symlink Race Condition Protection - EasyApache 4 - cPanel Documentation

    I recommend using one of the kernel-level solutions if possible.

    Otherwise, note that enabling EXPERIMENTAL: Jailshell Virtual Hosts using mod_ruid2 and cPanel jailshell in WHM's Tweak Settings interface (Home >> Server Configuration >> Tweak Settings) does not actually enable jailed shell access on the accounts. You can use this option and still disable shell access on the accounts.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice