Compiler Access
For WHM version 11.38
(
Home >> Security Center >> Compiler Access)
Overview
Many common attacks require a working C or C++
compiler on the server. Disabling these compilers will result in a more secure server.
To enable or disable the compilers for unprivileged users:
- Click Enable/Disable Compilers.
You can grant access to specific users by clicking
Allow specific users to use the compilers.
- Click the name of the user to whom you wish to grant compiler access.
- Click Add to Group.
To remove
compiler access for a user, click that user’s name under
Remove a user from the compiler group.
How does this feature work?
When
compiler access is enabled (default), the permissions for
/usr/bin/gcc are:
| permissions |
user |
group |
| -rwxr-xr-x |
root |
root |
When you disable compiler access, cPanel changes the permissions for
/usr/bin/gcc:
| permissions |
user |
group |
| -rwxr-x--- |
root |
compiler |
Until you add users to the
compiler group using the
Allow specific users to use the compilers. feature, the
compiler group will only contain the
cpanel user.
For more information about Linux file system permissions, please visit the
wikipedia article.
Warnings
If you see a user in the
compiler group that doesn't have a cPanel account, someone has edited
/etc/group to add that user.
If you enable compilers for everyone after having disabled them, the group information will not change. However, read and execute permissions for
/usr/bin/gcc are granted to everyone. If you restrict access again later, you will need to see which users are in the
compiler group. If the
compiler group has not been edited, it will still contain any users who had access to the compiler the last time access was restricted.
Topic revision: r9 - 25 Jan 2013 - 23:22:29 - Main.RosieArcelay
RSS Feed
