Software Installs

Jailshell in cPanel

Jailshell is a level of shell (SSH) access that limits a user to his or her specific directory structure.  Under regular SSH when users log into their servers they are taken to their home directory and can execute commands within their directory structure.

Under SSH, that user can also travel to any directory on the server and even use “ls” to get a directory listing, they just cannot open the files or interact with them.  Jailshell, on the other hand, logs users into their directory structure and locks them in (much like a prison or jail cell), disallowing them from openly traversing the directory structure outside of their home.

Jailshell is easily implementable in cPanel. You can switch an account’s shell access in WHM by navigating to Manage Shell Access, under the Account Functions header.

The way this level of access works in cPanel is that it creates a virtual file system for jailshell users that only contains their own files and enough system files to perform basic system commands. For example, if you log in as a jailshelled user, the only files you can view and edit are the files owned by that user in the /home/username directory. You can change directories to a virtual filesystem above that, but it only contains certain files, not the whole list expected if you were the root user.

-jailshell-3.2$ pwd
/
-jailshell-3.2$ ls
bin checkvirtfs dev etc generic home lib opt proc tmp usr var

As opposed to:

root [/]# pwd
/
root [/]# ls
./ .autofsck .gnupg/ .spamassassin/ aquota.user@ boot/ etc/ lib/ mnt/ proc/ sbin/ selinux/ sys/ usr/
../ .autorelabel .rnd aquota.group@ bin/ dev/ home/ media/ opt/ root/ scripts/ srv/ tmp/ var/

The jailed shell filesystem only contains the files relevant to the user, and files that would normally contain more information only contain data that pertain to that user. For example, the /etc/localdomains file, which is owned by root:root but has world readable permissions, only shows:

-jailshell-3.2$ cat localdomains
server.hostname.com

Where as it shows all localdomains as the root user:

root [/]# cat /etc/localdomains
domain.com
server.hostname.com
domain1.com
domain2.com
domain3.com
domain4.com

This limits the user with jailshell access to only modifying his or her files and the limited number of files necessary to perform any shell commands that he or she may need to do.

Photo by Brian Talbot

Find out more about ServInt solutions

Starting at $25

Comments
  1. @Sujith, typically, but not always, that kind of error is related to the kernel. If this is a VPS, I would recommend contacting your hosting provider as you won't have access to the kernel. If this is a dedicated server, run a 'uname -r' to see your kernel version and make sure you are running an up-to-date version. I would still recommend contacting your hosting provider as they may be able to help.
    Jacob "Boom Shadow" Tirey /
  2. Hi After enabling jailshell, I am getting following error while ssh as normal user Could not exec shell '/bin/bash'
  • Hosting Advice
  • The New York Times
  • The Hill
  • Bloomberg
  • The Seattle Times
  • Computer World
  • Ars Technica
  • MSNBC

To engage with the ServInt Sales Team use the following chat icon. Normal sales hours are Monday-Friday 9am-5pm EST but feel free to leave a message and we will follow up as soon as possible.

Sales Chat



To engage with the ServInt Support Team you must be logged into our Customer Portal for identity verification and have a ticket opened about your request or there will only be limited support offered.

Support Chat

CLOSE