1. S

    mod_ruid2 with php-fpm and http2 (jail Apache)

    Hi all I'm after some advice if anyone can help. We have a server configured to use PHP-FPM along with http2. I've received one of the "Security Advisor notifications" emails from the server recommending we install mod_ruid2 and change users to jailshell. What would fall out of installing...
  2. B

    Bug (security): Jailshell is missing /etc/crypto-policies so breaks crypto-policies(7) enforcement

    cPanel v94 on Alma 8. Out of the box, the cPanel jailshell environment doesn't include the files under /etc/crypto-policies. This breaks crypto-policies(7) and can cause unexpected/undesired behavior across various processes (kerberos, (lib)openssh, (lib)openssl, etc). As one example that...
  3. B

    Bug: 'modulespath' error at logon when using jailshell

    Environment: Alma Linux 8.5.latest, cPanel 94.0.23 LTS Jailshell users get a minor error when logging into command line (ie using 'Terminal' or via SSH): sed: can't read /usr/share/Modules/init/.modulespath: No such file or directory The error is coming from this section of...
  4. 000

    is correct users with jailshell can open /etc/passwd ??

    in my server CentOs 7 we have some users with jailshell when they run the commandcat /etc/passwdthey can see ALL users and the complet file. that is normal in LINUX ? how I can avoid that?
  5. O

    jailshell notice in command line

    I've enable EXPERIMENTAL: Jail Apache but now every time I hit return on terminal I get this notice: -jailshell: /usr/local/lp/bash_eternal_history: Read-only file system Could you please tell me how to resolve this. I looked in my .bashrc and couldn't find anything related to this file...
  6. L

    SOLVED Composer Package Available to All Users with Jailshell Enabled?

    I've been using PHP Codesniffer with some additional rulesets installed via Composer on several accounts to test PHP code before I upgrade the PHP version. Currently, I've got PHP Codesniffer installed on each account where I use it in the users' /home folder and added the path to each users'...
  7. <esc>

    SOLVED curl not working in JailShell

    I just got an request from a PHP developer who claims that curl is not working from PHP in a JailShell account while compiled into Apache. Is this a security feature or some misconfiguration on my side?
  8. R

    Cron: jailshell - No such file or directory

    A cron that has been running for many years has suddenly stopped working with this error: /usr/local/cpanel/bin/jailshell: https://www.xxxxxxxx.net.au/coin_cron/bills.php: No such file or directory bills.php is still here, so what am I doing wrong? Any assistance would be greatly appreciated.
  9. N

    Jail Apache Virtual Hosts using mod_ruid2 and cPanel® jailshell

    When not using mod_ruid2 then why still getting warning message from cPanel Security Advisor?
  10. G

    Is it safe to give ssh to users?

    Hello, i trying to find out how is safe to give ssh to users on shared hosting? All i can found is some old forum posts (about 10 years old). cPanel hosting server + CSF and without cloudlinux or other software Any link text or thought?
  11. inetbizo

    JailShell Question

    Can you confirm whether or not the bin => logrotate will work for the user? I have custom conf for logrotate within their user space.
  12. I

    some cPanel update added jailshell to my crontabs

    Hi there. This morning some crontab processes stopped working as expected. After checking the basics, I surprisingly found that my crontab for user accounts was touched! So above every uncommented line, I found this: SHELL="/usr/local/cpanel/bin/jailshell" So cPanel somehow "touched" my...
  13. M

    cPanel jailshell being abused and causing downtime

    Hello, This issue is first reported at cpanel uses jailshell for cron (problem) but no solution provided. We are running cPanel on CentOS 7.2 and since last week we see /usr/local/cpanel/bin/jailshell being abused by spammers. We see jailshell called many times pushing 100% CPU and RAM, and...
  14. J

    JailShell question, with multiple home folders

    I know that JailShell keeps a user inside their own folder. If a user's folder is on home2, cPanel automatically puts a symlink on home pointing to their folder so that services can always use home and not care where their folder really is. With JailShell, however, it will not allow a user to...
  15. W

    -jailshell: double free or corruption

    Hello, I received this error today, while trying to login remotely, using SSH: lock file /home/virtfs/_lock/32865 created by pid 68579 was not removed before the process died. *** glibc detected *** -jailshell: double free or corruption (out): 0x00000000025caba0 *** I was logging in to try...
  16. N

    Jailshell access to /etc/pki/ files for certificate verification

    Hi all, Are jailshell users supposed to have access to these files? /etc/pki/tls/certs/ca-bundle.crt which is a symlink to /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem /etc/pki/tls/certs/ca-bundle.trust.crt which is a symlink to /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt...
  17. T

    JailShell logs

    Hello I have noticed that user who have jail shell access , he can access 80% of server data. and this is very risky. Is there any way to prevent this ? or is there any way to copy all users commands execuated via jailshell to safe location so that he can not clear those ? in...
  18. Stefaans

    Insufficient permission in Jailshell and "no input file specified" with email pipe

    I wanted to reply to an old thread but couldn't. The thread was just too old. But the the suggestion in there by mynameanu's solved a major headache for me today... It started (after migrating to a new server) with an email pipe to a PHP script throwing a "no input file specified" error. The...
  19. postcd

    Use cPanel jailshell by default, what is it?

    I want maximum security for cpanel accounts, so one cant influence other injecting/seeing each other files, what this option do regarding this? should i enable it by default? none of my users have SSH access.. is it only about SSH access this feature?
  20. postcd

    mod_ruid + jailshell - how to enable

    Hello, please how can i enable mod_ruid and jailshell on my whm server? It is adviced by this post: https://forums.cpanel.net/f185/solutions-handling-symlink-attacks-202242-p23.html#post1397221 and there too: http://www.sysadmindiaries.com/2013/07/how-to-prevent-cpanel-apache-symlink.html...