Is it normal for new accounts to be able to execute programs?

**Pawel Kowalski** · 01-29-2007, 03:14 PM

I just got my VPS with WHM set up and I am doing some testing. When I create a new hosting account I can log in to SSH using that account. When I am connected using SSH I am able to download programs using wget, change their permissions to executable and then actually execute them.

Is this normal with any SSH access? If it is how can I actually block WHM from setting up a SSH account with each new web hosting account I add?

**mattsiegman** · 01-29-2007, 03:25 PM

a VPS is an entire pretend server... that's how it's supposed to work, i think

**JPC-Masood** · 01-29-2007, 03:35 PM

In WHM, when you create account, you can choose not to give shell access. You can also turn it on/off from WHM

Main >> Account Functions >> Manage Shell Access

Shell access should only be provided to trusted party, like we do to you guys on the shared hosting

**JPC-Masood** · 01-29-2007, 03:39 PM

Forgot to add, yes its normal for the user to be able to execute programs. It is a proper unix account. And by not giving shell access you are not protected. A single line of bad code can give remote shell access to any internet user (i.e. ability to run arbitrary code on the vps). So all accounts on your vps should be protected by following the security guidelines:

Tips on Web Security

**Frank Broughton** · 01-29-2007, 05:13 PM

I believe you can also force all users to use jail shell in whm. Can't check for sure right now as my VPS is being migrated to Atlanta right now.

**JPC-Masood** · 01-29-2007, 07:55 PM

Jail only restricts a user from roaming around the server and reading files outside of their account, but will still allow to run programs or background scripts etc.

LinkBack

Thread Tools

Display

Is it normal for new accounts to be able to execute programs?

Bookmarks

Bookmarks

Posting Permissions