{"id":823,"date":"2021-07-23T12:38:56","date_gmt":"2021-07-23T12:38:56","guid":{"rendered":"https:\/\/ssdsunucum.com\/blog\/manage-shell-access\/"},"modified":"2021-07-23T12:38:56","modified_gmt":"2021-07-23T12:38:56","slug":"manage-shell-access","status":"publish","type":"post","link":"https:\/\/ssdsunucum.com\/blog\/manage-shell-access\/","title":{"rendered":"Manage Shell Access"},"content":{"rendered":"<\/p>\n<div class=\"col-md-9\">\n<div class=\"flex-column flex-md-row article-header\">\n<div id=\"versioned-article-header\">\n<p class=\"valid-version-info\"><em>Valid for versions 82 through the latest version<\/em><\/p>\n<\/div>\n<div id=\"version-select-group\" aria-label=\"select versions\">\n<h4>Version:<\/h4>\n<h4>82<\/h4>\n<\/div><\/div>\n<hr>\n<h2 id=\"overview\">Overview<\/h2>\n<p>This interface allows you to manage which of your accounts can access your server remotely from the command line.<\/p>\n<div class=\"callout callout-danger\">\n<div class=\"callout-heading\">Warning:<\/div>\n<div class=\"callout-content\">\n        Many users want this type of access. However, before you grant complete shell access to users, make certain that you consider the security risks. We recommend that you <strong>only<\/strong> provide jailed shell (sometimes seen as jailshell) access to users, which prevents the execution of certain harmful commands.\n    <\/div>\n<\/div>\n<h2 id=\"manage-shell-access\">Manage shell access<\/h2>\n<p>To modify shell access for all of the accounts on your server, click the appropriate button at the top of the interface. To modify shell access for specific users, select the desired type of access in the row that corresponds to that account.<\/p>\n<div class=\"callout callout-info\">\n<div class=\"callout-heading\">Note:<\/div>\n<div class=\"callout-content\">\n        The account\u2019s package determines whether the account has shell access. If you change the account\u2019s permission to access a shell, the system will set the value for the account\u2019s package to <code>undefined<\/code> in the account\u2019s <code>userdata<\/code> file.\n    <\/div>\n<\/div>\n<p>You can select the following types of shell access:<\/p>\n<ol>\n<li><em>Normal Shell<\/em> \u2014 Select this option to grant the user access to the shell with no limitations.<\/li>\n<li><em>Jailed Shell<\/em> \u2014 Select this option to grant the user access to a jailed shell, which limits the user\u2019s ability to run certain commands that could harm your server. For more information, read our VirtFS &#8211; Jailed Shell documentation.\n<div class=\"callout callout-danger\">\n<div class=\"callout-heading\">Warning:<\/div>\n<div class=\"callout-content\">\n        If you enable a jailed shell on a server runs CloudLinux\u2122, you may cause a security vulnerability with symlinks to files outside of the caged directory. To solve this issue, you <strong>must<\/strong> enable link traversal protection. For more information, read CloudLinux\u2019s Link traversal protection documentation.\n    <\/div>\n<\/div>\n<\/li>\n<li><em>Disabled Shell<\/em> \u2014 Select this option to deny shell access to the user.\n<div class=\"callout callout-info\">\n<div class=\"callout-heading\">Note:<\/div>\n<div class=\"callout-content\">\n        An account with a disabled shell may use SFTP if you enable it. To disable an account\u2019s ability to use SFTP, you <strong>must<\/strong> set <code>\/bin\/false<\/code> as the user\u2019s shell. To do this, run the following command as the <code>root<\/code> user, where <code>username<\/code> is the account for which you wish to disable SFTP: <\/p>\n<div class=\"highlight\">\n<pre style=\"color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4\"><code class=\"language-GO\" data-lang=\"GO\"><span style=\"color:#a6e22e\">usermod<\/span> <span style=\"color:#f92672\">-<\/span><span style=\"color:#a6e22e\">s<\/span> <span style=\"color:#f92672\">\/<\/span><span style=\"color:#a6e22e\">bin<\/span><span style=\"color:#f92672\">\/<\/span><span style=\"color:#66d9ef\">false<\/span> <span style=\"color:#a6e22e\">username<\/span><\/code><\/pre>\n<\/div><\/div>\n<\/div>\n<\/li>\n<\/ol><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Valid for versions 82 through the latest version Version: 82 Overview This interface allows you to manage which of your accounts can access your server remotely from the command line. Warning: Many users want this type of access. However, before you grant complete shell access to users, make certain that you consider the security risks. &hellip;<\/p>\n","protected":false},"author":1,"featured_media":824,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/posts\/823"}],"collection":[{"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/comments?post=823"}],"version-history":[{"count":0,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/posts\/823\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/media\/824"}],"wp:attachment":[{"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/media?parent=823"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/categories?post=823"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/tags?post=823"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}