Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Include Page
LIB:_Version68
LIB:_Version68

(WHM >> Home  >> Security Center >> Compiler Access)

Table of Contents
stylenone

Overview

This interface allows you to disable your users' access to the C and C++ compilers on your server. This can help you to protect your server from attacks that exploit vulnerabilities in those compilers.

Manage compiler access

To enable the compilers for all unprivileged users, click Enable Compilers. To disable the compilers for all unprivileged users, click Disable Compilers.

If you wish to grant compiler access to specific users, perform the following steps:

  1. Click Allow specific users to use the compilers.
  2. Select the desired user from the Add a user to the compiler group menu.
  3. Click Add to Group.

To remove compiler access from a user, perform the following steps:

  1. Select the appropriate user’s name from the Remove a user from the compiler group menu.
  2. Click Remove from Group.

How does this feature work?

When compiler access is enabled (default), the /usr/bin/gcc file has the following permissions: 

permissionsusergroup
-rwxr-xr-xrootroot

When you disable compiler access, cPanel changes the permissions of the /usr/bin/gcc file to:

permissionsusergroup
-rwxr-x---rootcompiler

The compiler group contains the cpanel user and any users that you add to the Allow specific users to use the compilers menu.

For more information about Linux file system permissions, visit the Wikipedia's article on File System Permissions.

Warning
titleWarning:
  • If a user appears in the compiler group who does not have a corresponding cPanel account, someone has edited the /etc/group file to add that user.
  • If you enable compiler access for everyone after you have disabled compiler access, the group information will not change. However, the system will grant read and execute permission for the /usr/bin/gcc file to everyone.
  • If you restrict compiler access again, examine the compiler group's membership. If no one has edited the compiler group, it will still contain users who had access to the compilers the last time that you restricted access.

Additional documentation

Localtab Group


Localtab
activetrue
titleSuggested documentation

Content by Label
showLabelsfalse
max5
showSpacefalse
cqllabel = "security" and space = currentSpace()


Localtab
titleFor cPanel users

Content by Label
showLabelsfalse
max5
showSpacefalse
cqllabel = "security" and label = "cpanel" and space = currentSpace()


Localtab
titleFor WHM users

Content by Label
showLabelsfalse
max5
showSpacefalse
cqllabel = "security" and label = "whm" and space = currentSpace()


Localtab
titleFor developers

Content by Label
showLabelsfalse
max5
showSpacefalse
cqllabel = "security" and space = "SDK"