User Shell Access periodically resets to Normal Shell
Hello,
I have observed something that concerns me on multiple of our cPanel servers (several versions including the latest). I have Tweak Settings -> Use cPanel" jailshell by default set to "On", and I only enable JailShell for any users - never Normal shell.
Nevertheless, every now and then when I go to check the Manage Shell Access I see that a lot of users suddenly have Normal Shell enabled. Some still have Jail Shell, and those who did not have Shell access are still Disabled, but quite a few have somehow been enabled with Normal Shell. All I know is I did not make this change.
Is there some bug in cPanel that resets the shell users to Normal Shell? To me this is a security concern and I would like your comments on this.
As mentioned, it happens to all our servers frequently and it has been occuring with multiple versions of cPanel. (first time I noticed is probably 1-2 years ago).
Thank you,
Sindre
-
Hello :) Does anyone else have root access to the server, or do you have resellers with privileges to make this change? Thank you. 0 -
No, resellers do not have access to this and only I have root access. 0 -
Would you mind opening a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome. Thank you. 0 -
]Would you mind opening a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome. Thank you.
Ticket created (#6190915).0 -
To update, our analysts advised the user to install Auditd on their system and monitor what edits the /etc/passwd file, as all indications are that no unauthorized access attempts occurred. Thank you. 0
Please sign in to leave a comment.
Comments
5 comments