Why Jailed Shell Access is an Important cPanel Feature

hacker home directory jailed shell permissions root directory security risks shell ssh user WebHost Manager WHM

February 25th, 2013 By:

In cPanel’s WebHost Manager (WHM), it gives you the option to enable or disable shell access for individual hosting users. With shell access (SSH) enabled, users will be able to access your server’s command line through a terminal emulator. Allowing SSH access provides users with a tremendous amount of power, but as the old superhero adage goes, “with great power comes great responsibility.”

By default, your shell users will have limited access. That means they will not have the permissions required to do any serious damage. Despite that, they will still be able to see any directory and any file that offers at least read permissions. That can expose your server to security risks. One handy solution to that is a “jailed shell”.

Unlike a normal shell account that allows the user to see directories above his own home directory, a jailed shell provides a very enclosed workspace for the user. The root directory for this user will be his own home directory. It will appear as though directories above his do not even exist.

A couple of security notes:

For more information about managing shell access, see the WHM documentation on the subject.

SSD Cloud Hosting

* Up in 30 Seconds
* One-Click Apps
* WordPress, Node.js, Docker, LAMP, LEMP
* 5 International Data Centers
* $4.97 per month - Pay as you go with per second billing