Skip to main content

Ping command allow to cPanel user

Comments

16 comments

  • cPRex Jurassic Moderator
    Hey there! I just created a test user with normal shell on an AlmaLinux 8 system, and that user has access to ping by default. Here is the path I see for that user: [username@host ~]$ echo $PATH /usr/local/cpanel/3rdparty/lib/path-bin:/usr/share/Modules/bin:/usr/local/cpanel/3rdparty/lib/path-bin:/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/opt/cpanel/composer/bin:/home/username/bin
    ping is located in /usr/bin/ping on this machine, which is in the $PATH. Can you check the $PATH variable for your particular user and see if that may be the issue?
    0
  • quietFinn
    I think it's CloudLinux preventing cPanel users from using ping. :rolleyes:
    0
  • cPRex Jurassic Moderator
    I created a server on a CloudLinux 7.9 system and that user could ping by default as well. [pingtest@10-2-34-117 ~]$ echo $PATH /usr/local/cpanel/3rdparty/lib/path-bin:/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/opt/cpanel/composer/bin:/home/pingtest/.local/bin:/home/pingtest/bin
    0
  • ffeingol
    How about potential firewall rules blocking ICMP?
    0
  • Tarak Nath
    Thank you all for the response. Here is the path I see for that user: cpaneluser@server1 [~]# echo $PATH /usr/local/cpanel/3rdparty/lib/path-bin:/usr/local/jdk/bin:/usr/local/cpanel/3rdparty/lib/path-bin:/usr/lib64/qt-3.3/bin:/home/cpaneluser/perl5/bin:/usr/local/cpanel/3rdparty/lib/path-bin:/usr/local/jdk/bin:/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/usr/local/bin:/usr/X11R6/bin:/root/bin:/opt/bin:/opt/cpanel/composer/bin:/usr/local/easy/bin:/usr/local/bin:/usr/X11R6/bin:/usr/local/puppet/sbin:/usr/local/puppet/bin:/home/cpaneluser/.local/bin:/home/cpaneluser/bin
    How about potential firewall rules blocking ICMP?

    Please find the attached screenshot for the status. Thanks
    0
  • cPRex Jurassic Moderator
    Are there any external firewalls managed by your host? That local configuration looks good, but there could be something blocking this at a higher level that you don't have access to.
    0
  • Tarak Nath
    Are there any external firewalls managed by your host? That local configuration looks good, but there could be something blocking this at a higher level that you don't have access to.

    It's not possible for us to say whether there is any external firewalls or not. We have access of our server only. However we have contacted with our server provider and their response mentioned below: [QUOTE] By default only users with root privilege's can run this command. The only way for a regular cpanel user to be able to do that is to elevate them to root permissions. You have to give them root privilege's. This is by design for security reasons by cpanel.
    0
  • cPRex Jurassic Moderator
    That isn't correct, so it sounds like something else is happening. Could you submit a ticket so our team can check this?
    0
  • quietFinn
    I was testing this in a few servers with and without CloudLinux, and if I try to ping as cPanel user I get: ping: socket: Operation not permitted Then I created cPanel account in Ubuntu server, Solo License so it's the only account, and ping works.
    0
  • Tarak Nath
    That isn't correct, so it sounds like something else is happening. Could you submit a ticket so our team can check this?

    Ticket ID #94426795
    0
  • quietFinn
    I believe you'll find solution here:
    0
  • cPRex Jurassic Moderator
    From the notes in the ticket so far, it looks like this was due to CageFS. Can you confirm, @Tarak Nath ?
    0
  • Tarak Nath
    Still same issue. Ping still not working from cPanel user after reinitializing CageFS by running the command: cagefsctl --reinit
    0
  • Tarak Nath
    Update for those are interested in this issue. Here is the cPanel support team said: [QUOTE] After some additional investigation into your reported issue, this request will be best reviewed by the CloudLinux staff. I created a linux user outside of WHM and su'd into that account. That account, which is not managed by cPanel, also encountered the Operation not permitted message. This indicates that the problem is not caused by CageFS or cPanel.
    Currently we are communicating with the ClouldLinux support team.
    0
  • Tarak Nath
    They have resolved the issue within a minute. Final update from CloudLinux support team: [QUOTE]The issue was related to incorrect permissions of the ping command. We have resolved the problem by executing # chmod +s /bin/ping

    0
  • quietFinn
    They have resolved the issue within a minute. Final update from CloudLinux support team:

    I still think that better (safer) solution you can find here:
    0

Please sign in to leave a comment.