Providing SSH access to your clients is risky at best. On the one hand, you give them the capability to perform advanced customizations on the server and view a lot of the “behind the scenes” activity. On the other, it’s a wide open security threat as it is extremely difficult to properly secure such a service. And I’m not only talking about malicious attacks. Like any powerful tool, SSH functionality can prove to be dangerous in the wrong hands. You don’t want users to accidentally mess something up – something that can render your server unstable.
One compromise is to restrict shell access to users in such a way that they only have access to a subsection of the total information available on the server. You let them see their own directories as well as a striped down version of everything else. This way, you limit the potential damage and ensure that one user cannot access the directories of another. This functionality is known as “Jailed Shell Access”. You can enable it on a per user basis as well as retain it as the default for new users.
Enabling jailed shell access is simple. Let’s take a quick look at how to do that as well as what the implications are. We look at the internal mechanism that enables jailed shell access support and will be able to see exactly how data separation is achieved.
A shell is a user interface to access an operating system using either a command-line interface or Graphical user interface. Shell Access is enabled by default on Shared hosting accounts, VPS, and Dedicated servers. A shell is a user interface for access to an operating system’s services. There are three types of Shell Access Modes available in WHM. They are Normal Shell, Jailed Shell, and Disabled Shell. The
Normal shell access grants the user to access the shell without any limitations.
cPanel and WHM use VirtFS to provide a jailed shell environment for users who connect to a server via SSH. The jailed shell acts as a container for the user and does not allow the user to access other users’ home directories on the server. Jailed shell limits the user to use certain commands that may be harmful to the server. So that it increases the security for server’s other uses.
Disabled shell denies the user to access the shell.