Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

users default shell is /bin/bash !!!! security ??

Discussion in 'Security' started by forlinuxsupport, Dec 23, 2005.

  1. forlinuxsupport

    forlinuxsupport Well-Known Member
    PartnerNOC

    Joined:
    Dec 22, 2004
    Messages:
    386
    Likes Received:
    0
    Trophy Points:
    166
    cPanel Access Level:
    Root Administrator
    Hi

    I just had alook and when you create a new domain it has the box ticked for Shell access, bit silly to have it ticked by default, but not too serious I suppose.

    My main concern is all email users have their shell set to /bin/bash .... surely this cant be right !!!!
    take a look in /etc/vmail/passwd.domainname.co.uk
    (its symlinked to /home/domainname/etc/longdomainname/passwd)

    All email users have a shell by default !!!! eeeek !!!! :confused:
    Please tell me im dreaming ???!!!!!????

    I can't find a way to give them an invalid shell via the interface..
    Should I just set them to something like /dev/null or /bin/nologin .. hmm wonder what that will break .!!

    any comments,, please feel free.

    What is the Jailshell and how does it work ???

    thanks
    andy
     
    #1 forlinuxsupport, Dec 23, 2005
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,472
    Likes Received:
    20
    Trophy Points:
    463
    Location:
    Go on, have a guess
    No, they don't. SSH doesn't use those files for authentication - it uses /etc/passwd (/etc/shadow).

    If you don't want to give real shell access, then use Packages in WHM. If you want the shell to default to jailshell use the setting for that in WHM > Tweak Settings.
     
    #2 chirpy, Dec 23, 2005
  3. forlinuxsupport

    forlinuxsupport Well-Known Member
    PartnerNOC

    Joined:
    Dec 22, 2004
    Messages:
    386
    Likes Received:
    0
    Trophy Points:
    166
    cPanel Access Level:
    Root Administrator
    ahhh .. nice one...

    thanks.. puts my heart at ease :) :p

    What about this jailshell.... Is it worth using ?

    I dont want any users to have ssh access to the server (except me of course (root)), must I set all users to jailshell, or can I put their shells as /bin/nologin ?

    thanks
    andy
     
    #3 forlinuxsupport, Dec 23, 2005
  4. RizyDeWino

    RizyDeWino Well-Known Member

    Joined:
    Aug 1, 2005
    Messages:
    74
    Likes Received:
    0
    Trophy Points:
    156
    Location:
    Planet Earth
    Jailshell is a very good restricted shell option available with whm/cpanel servers , that you can give your users access to without any worry.

    Hosting clients, when granted shell access, should not be able to see anything except for their domain, their own files, and their own folders. They should feel like they are the only ones on the system. And this is what jailshell do. The users will have a restricted shell access.

    Jailshell also keeps your clients from even attempting anything malicious or overstepping their bounds, because they dont have the rights to open files that they shouldn't, because they are invisible to them due to the restrictions built in the Jailshell.
     
    #4 RizyDeWino, Dec 23, 2005
  5. forlinuxsupport

    forlinuxsupport Well-Known Member
    PartnerNOC

    Joined:
    Dec 22, 2004
    Messages:
    386
    Likes Received:
    0
    Trophy Points:
    166
    cPanel Access Level:
    Root Administrator
    Hi

    Cool thanks !!!!!!!!!

    How can I prevent them having SSH access Totally ??

    Cheers
    andy
     
    #5 forlinuxsupport, Dec 23, 2005
  6. RizyDeWino

    RizyDeWino Well-Known Member

    Joined:
    Aug 1, 2005
    Messages:
    74
    Likes Received:
    0
    Trophy Points:
    156
    Location:
    Planet Earth
    Go to WHM > Account Functions > Manage Shell Access , and simply press the 'Disable' button for both shells for each account.
     
    #6 RizyDeWino, Dec 23, 2005
  7. forlinuxsupport

    forlinuxsupport Well-Known Member
    PartnerNOC

    Joined:
    Dec 22, 2004
    Messages:
    386
    Likes Received:
    0
    Trophy Points:
    166
    cPanel Access Level:
    Root Administrator
    Hi

    Here is an extract of my passwd file :
    Can I change postgres and ftp and cpanel to /bin/false ?
    Surley they never login ??

    The bottom 3 are the main domain users, can I change them to /bin/false as well ?
    They never use ssh, I only want root to be able to SSH in.

    If I change them all to /bin/false will it affect anythign else ?

    thanks for the help
    Andy
     
    #7 forlinuxsupport, Dec 29, 2005
(You must log in or sign up to post here.)
Loading...
Similar Threads - users default shell
  1. Roshan Bajaj

    How do I add multiple users to cPanel?

    Roshan Bajaj, Sep 14, 2017, in forum: General Discussion
    Replies:
    2
    Views:
    76
    Infopro
    Sep 14, 2017
  2. 19MaWa98

    Can't create databases/users

    19MaWa98, Sep 13, 2017, in forum: Database Discussions
    Replies:
    1
    Views:
    74
    cPanelMichael
    Sep 13, 2017
  3. Tearabite

    Prevent users from modifying email quotas ?

    Tearabite, Sep 7, 2017, in forum: General Discussion
    Replies:
    1
    Views:
    58
    cPanelMichael
    Sep 7, 2017
  4. mindnetcombr

    How-to disable users php.ini and user.ini files

    mindnetcombr, Aug 24, 2017, in forum: EasyApache
    Replies:
    1
    Views:
    161
    cPanelMichael
    Aug 25, 2017
  5. chanklish

    Forbidding users from using another smtp server

    chanklish, Aug 17, 2017, in forum: E-mail Discussions
    Replies:
    5
    Views:
    159
    cPanelMichael
    Sep 20, 2017 at 7:30 AM

Share This Page