Providing SSH access to your clients is risky at best. On the one hand, you give them the capability to perform advanced customizations on the server and view a lot of the “behind the scenes” activity. On the other, it’s a wide open security threat as it is extremely difficult to properly secure such a service. And I’m not only talking about malicious attacks. Like any powerful tool, SSH functionality can prove to be dangerous in the wrong hands. You don’t want users to accidentally mess something up – something that can render your server unstable.
One compromise is to restrict shell access in such a way that users only have access to a subsection of the total information available on the server. You let them see their own directories as well as a stripped-down version of everything else. This way, you limit the potential damage and ensure that one user cannot access the directories of another. This functionality is known as “Jailed Shell Access”. You can enable it on a per-user basis as well as make it the default for new users.
Enabling jailed shell access is simple. Let’s take a quick look at how to do that as well as what the implications are. We will also look at the internal mechanism that provides jailed shell support and see exactly how data separation is achieved.
Enabling Jailed Shell Access
To get started, log into your WHM dashboard and search for “Manage Shell Access” on the left-hand side menu as shown here:
You can see in the screenshot that you can enable a jailed shell for individual users on a case-by-case basis. In this test example, I’ve enabled this feature for one account. We’ll take a look at the implications soon.
In case you want to enable jailed shell access for every newly created user by default, head over to the “Tweak Settings” menu item and under “System”, enable the “Use cPanel Jailed Shell by Default” option.
Whether or not you want to enable this functionality for everyone depends on your security policy, however.
Jailed Shell Restrictions
With jailed shell access on my account, I log into SSH and go up one level in the directory tree using the “cd ..” command. And now when I list all the items in the current directory, I can only see the one relating to my account.
If, on the other hand, this were a regular shell, I would see not just my own directory but everyone else’s too. But what if I decide to continue exploring further? Just to test it out, I navigate to “/etc” and list its directories. Surprise – it’s accessible via a jailed shell!
How is this possible? Isn’t a jailed shell supposed to deny me access to anything outside my own folder? How is this secure? But if you take a closer look at the directories within “/etc” that I have access to, you see that it’s only a very limited list of items. This is nowhere close to the true number of directories within “/etc”. In reality, the access to /etc is an illusion. Transparently to the user, WHM has created a special folder called “virtfs” within which it stores the directories accessible to jailed shell users, as you can see here:
Virtfs has created a special folder for me which has its own “etc” directory. Within that is the exact same set of directories that I saw earlier and which fooled me into thinking that I was viewing the real “etc” location.
Just for reference, if I wanted to view the same directory logged in as a root user, this is what I would see instead:
So our “jailed shell” provides the illusion of an actual server environment complete with directories that would normally be accessible only to administrators. Thanks to the virtfs module, we can transparently provide shell access to users in a safe and contained manner.
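To check the separation described above from the root side, the following added example (not part of the original article and not cPanel code) counts how much of the real “/etc” is hidden from a user’s virtfs view and flags any other account’s home directory that shows up inside the jail. The `/home/virtfs/<user>` location, the function names and the sample account “alice” are assumptions of this example.

```shell
#!/bin/sh
# Added example, not cPanel code. Assumption: jail trees live under
# /home/virtfs/<user>; pass other locations as arguments if yours differ.

# entries DIR: print every name directly inside DIR (dotfiles included).
entries() {
    for p in "$1"/* "$1"/.[!.]*; do
        if [ -e "$p" ] || [ -L "$p" ]; then printf '%s\n' "${p##*/}"; fi
    done
}

# hidden_count REAL JAIL: number of entries in REAL with no counterpart in JAIL.
hidden_count() {
    entries "$1" | while IFS= read -r name; do
        if [ ! -e "$2/$name" ]; then echo "$name"; fi
    done | wc -l | tr -d ' '
}

# foreign_homes JAIL_HOME USER: names under the jail's home directory that
# are not USER's own. Expected output: nothing.
foreign_homes() {
    entries "$1" | grep -vxF -- "$2" || true
}

# audit_jail USER [REAL_ROOT] [VIRTFS_BASE]: summarise USER's jailed view.
# Returns 0 if only USER's home is visible, 1 on a leak, 2 if no jail tree.
audit_jail() {
    user=$1 real=${2:-} jail=${3:-/home/virtfs}/$1
    if [ ! -d "$jail" ]; then echo "no jail tree at $jail" >&2; return 2; fi
    shown=$(entries "$jail/etc" | wc -l | tr -d ' ')
    hidden=$(hidden_count "$real/etc" "$jail/etc")
    echo "$user: jail /etc shows $shown entries; $hidden real /etc entries are hidden"
    leak=$(foreign_homes "$jail/home" "$user")
    if [ -n "$leak" ]; then
        echo "$user: other accounts visible in jail: $leak" >&2
        return 1
    fi
}

# make_sample DIR: build a constructed tree (fake real root plus a jail for
# the made-up account "alice") so the audit can be tried off-server.
make_sample() {
    mkdir -p "$1/etc/ssh" "$1/etc/cron.d" "$1/home/alice" "$1/home/bob" \
             "$1/home/virtfs/alice/etc/ssh" "$1/home/virtfs/alice/home/alice"
    : > "$1/etc/shadow"; : > "$1/etc/passwd"; : > "$1/home/virtfs/alice/etc/passwd"
}

# On a server (as root): audit_jail <cpanel-user>
# Off-server:            d=$(mktemp -d); make_sample "$d"; audit_jail alice "$d" "$d/home/virtfs"
```

The script only reads directory listings. Keep it that way on a live server: the jail tree is assembled from mounts of real system directories, so nothing under it should be deleted by hand.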