The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

User Shell Access periodically resets to Normal Shell

Discussion in 'Security' started by Sindre, Mar 5, 2015.

  1. Sindre

    Sindre Well-Known Member

    Joined:
    Aug 25, 2008
    Messages:
    46
    Likes Received:
    0
    Trophy Points:
    6
    Hello,

    I have observed something that concerns me on multiple of our cPanel servers (several versions including the latest). I have Tweak Settings -> Use cPanel® jailshell by default set to "On", and I only enable JailShell for any users - never Normal shell.

    Nevertheless, every now and then when I go to check the Manage Shell Access I see that a lot of users suddenly have Normal Shell enabled. Some still have Jail Shell, and those who did not have Shell access are still Disabled, but quite a few have somehow been enabled with Normal Shell. All I know is I did not make this change.

    Is there some bug in cPanel that resets the shell users to Normal Shell? To me this is a security concern and I would like your comments on this.

    As mentioned, it happens to all our servers frequently and it has been occuring with multiple versions of cPanel. (first time I noticed is probably 1-2 years ago).

    Thank you,
    Sindre
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  3. Sindre

    Sindre Well-Known Member

    Joined:
    Aug 25, 2008
    Messages:
    46
    Likes Received:
    0
    Trophy Points:
    6
    No, resellers do not have access to this and only I have root access.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Would you mind opening a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
  5. Sindre

    Sindre Well-Known Member

    Joined:
    Aug 25, 2008
    Messages:
    46
    Likes Received:
    0
    Trophy Points:
    6
    Ticket created (#6190915).
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    To update, our analysts advised the user to install Auditd on their system and monitor what edits the /etc/passwd file, as all indications are that no unauthorized access attempts occurred.

    Thank you.
     
Loading...

Share This Page