Sales:  800-573-7846 or Live Chat

KnowledgeBase


KnowledgeBase Home | Contact | Glossary KnowledgeBase Home | Contact | Glossary
Search the KnowledgeBase Browse by Category
Jailshell
Article Details

Last Updated
30th of November, 2011

User Opinions (10 votes)
80% thumbs up 20% thumbs down

How would you rate this answer?
Helpful
Not helpful

Jailshell is a level of shell (SSH) access that is easily implementable in cPanel. You can switch an account's shell access in WHM by navigating to Manage Shell Access, under the Account Functions header.

The way this level of access works in cPanel is that it creates a virtual file system for the shell user that only contains their own files and enough system files to perform basic system commands. For example, if you were to log into a jailshelled user, the only files you can view and edit are the files owned by that user in the /home/username directory. You can change directories to a virtual filesystem above that, but it only contains certain files, not the whole list expected if you were the root user.

-jailshell-3.2$ pwd
/
-jailshell-3.2$ ls
bin checkvirtfs dev etc generic home lib opt proc tmp usr var


As opposed to:

root [/]# pwd
/
root [/]# ls
./ .autofsck .gnupg/ .spamassassin/ aquota.user@ boot/ etc/ lib/ mnt/ proc/ sbin/ selinux/ sys/ usr/
../ .autorelabel .rnd aquota.group@ bin/ dev/ home/ media/ opt/ root/ scripts/ srv/ tmp/ var/


The jailed shell filesystem only contains the files relevant to the user, and files that would normally contain more information only contain info that pertain to that user. For example, the /etc/localdomains file, which is owned by root:root but has world readable permissions, only shows:

-jailshell-3.2$ cat localdomains
server.hostname.com


Where as it shows all localdomains as the root user:

root [/]# cat /etc/localdomains
domain.com
server.hostname.com
domain1.com
domain2.com
domain3.com
domain4.com


This limits the user with jailshell access to only modifying his or her files and the limited number of files necessary to perform any shell commands that he or she may need to do.

Attachments
No attachments were found.

Continue