Major issue with SSh

tecwithquestion

• December 13, 2014 20:39

Hello I have cpanel dedicated server with clouldlinux. I have configured Jailshell for one of my friend. That user added in CageFS list. He told me that He have access to entire server. not only to his folder only. To confirm I connected as user to shell and I tried to access other folder lile /usr/local/cpanel/base/frontend/x3/ /opt /usr /etc This is users jailshell setting in passwd file user:x:539:540::/home/user:/usr/local/cpanel/bin/jailshell in my cpanel I have some custom plugin like process usage and inode usage check etc. He can easily copy these files into his account and download them via file manager. (I tried that) how can we stop this ? User should not have access to any single file outside his home folder.

• 

  quizknows

  • December 14, 2014 04:58

  This is normal on linux systems and not really a security risk. Some files and binaries have to be readable for an environment to function. Some documentation is available here:

  0
• 

  cPanelMichael

  • December 15, 2014 14:33

  Yes, as mentioned in the previous post, this is standard due to the nature of how the filesystem works on Linux. Note that while you may be able to view some directories outside of /home, all account-specific data should be restricted. Thank you.

  0

Please sign in to leave a comment.