Manage shell access
What is Shell Access and its use?
A shell access is also called as SSH i.e. Secured Shell, which provides user a remote command line access to a server, as the command line access is also very helpful; it not only help in speeding up certain tasks but also gives you access to run certain commands which require shell access. The commands related to certain frameworks like node.js, Laravel, Python, Magento etc. require shell access. This access is also required for file permissions, editing etc.
This type of access is required by many users. But before you grant them a complete shell access then ensure that you consider the security risks in advance. Because the users can execute dangerous commands which can cause security issues therefore it is recommended that you should provide only the jailed shell access to the users. It is also called as jailshell. This access will prevent the users from executing the dangerous commands.
For accessing this option >> first log in to WHM >> Navigate to “Account Functions”>> then Select “Shell Access”. Following interface will appear:
Here if you want to edit the shell access for all the users at a time then click jailed shell option or any appropriate option and click ‘Apply to all’, which is at the top of the interface. I am not changing any permission in this interface.
Now if you want to edit /modify the shell access for a particular user then first locate that user then select the desired type of access in his row that corresponds to his account. I am not going to change any permission here.
Also it is important to check that whether that accounts package has Shell Access or not?
Select from following types of Shell Access:
- Normal Shell – If you grant this option to the user, then he can access the shell without any limitations. We do not provide normal Shell access due to security reasons. Also this Normal shell access is not granted to Shared Web Hosting users due to security reasons.
- Jailed Shell – If you grant this option to the user, then user will have some limitations on running certain commands that could harm your server. In jailed shell access the user can work only in his home directory and can run only the limited commands.
- Disabled Shell – If you want to deny shell access to a customer then select this option.
Now, the accounts which has a disabled shell access they can use SFTP if enabled so to deny any accounts ability to use SFTP, then you should set /bin/false as the user’s shell. For doing this run the following command as Root user and the username will be the account for which you want to disable the SFTP.
usermod -s /bin/false username