Compiler Access

Valid for versions 82 through the latest version


Last modified: May 13, 2020

Overview

This interface lets you manage user access to your server’s C and C++ compilers. This can help you protect your server from attacks that exploit compiler vulnerabilities.

  • To enable the compilers for all users, click Enable Compilers.
  • To disable compilers for all unprivileged users, click Disable Compilers.

By default, the system enables compiler access. The system sets the /usr/bin/gcc file’s permissions to 0755 and its ownership to the root user. This allows all users to run the compilers. For example, the system’s /usr/bin/gcc file might resemble the following entry:

-rwxr-xr-x 2 root root 768648 Aug 6 11:52 gcc

When you disable compiler access, the system changes the /usr/bin/gcc file’s permissions to 0750. The file remains owned by the root user, but the system changes its group ownership to the compiler group, so only the root user and members of that group can run it. For example:

-rwxr-x--- 2 root compiler 768648 Aug 6 11:55 gcc

Disabling compiler access also creates a compiler group entry in the /etc/group file. The group entry contains the cpanel user, and any users that you add to the Allow specific users to use the compilers list. For example:

compiler:x:989:cpanel,username

Manage Compiler Group

When you disable compiler access, the system displays the Allow specific users to use the compilers setting. When you select this setting, the system directs you to the Manage Compiler Group interface. Use this interface to manage user access to the compilers.

To grant compiler access to specific users, perform the following steps:

  1. Click Allow specific users to use the compilers.
  2. Select the desired user from the Add a user to the compiler group menu.
  3. Click Add to Group.

To remove compiler access from a user, perform the following steps:

  1. Select the user from the Remove a user from the compiler group menu.
  2. Click Remove from Group.

Warning:

  • When you modify your system’s compiler access, make certain to review the list of users in the Manage Compiler Group interface. The system does not automatically update this list.

  • If the compiler group contains a user without a corresponding cPanel account, someone modified the /etc/group file to add that user.
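
The review that the warning above calls for can be scripted. The following is an added example, not part of the cPanel documentation; the function names are hypothetical, and it assumes that each cPanel account has a file named after it in an accounts directory (commonly /var/cpanel/users).

```sh
#!/bin/sh
# Added example: audit the gcc permissions and compiler group described above.

# Classify gcc's state from its octal mode, owner and group, for example from:
#   stat -c '%a %U %G' /usr/bin/gcc
classify_gcc() {
    case "$1:$2:$3" in
        755:root:root)     echo "enabled" ;;     # all users may run gcc
        750:root:compiler) echo "disabled" ;;    # only root and the compiler group
        *)                 echo "unexpected" ;;  # neither documented state
    esac
}

# Print the members of the compiler group in a group file ($1), one per line.
compiler_members() {
    awk -F: '$1 == "compiler" {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
    }' "$1"
}

# Print members of the compiler group in group file $1 that are neither the
# cpanel system user nor an account with a file in accounts directory $2
# (assumption: one file per cPanel account).
orphaned_members() {
    compiler_members "$1" | while IFS= read -r user; do
        [ "$user" = "cpanel" ] && continue
        [ -e "$2/$user" ] || echo "$user"
    done
}

# Demo on constructed sample data (not taken from a real server).
demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/users"
    : > "$tmp/users/username"
    printf '%s\n' 'root:x:0:' 'compiler:x:989:cpanel,username,olduser' > "$tmp/group"
    echo "gcc state: $(classify_gcc 750 root compiler)"
    echo "members without a cPanel account: $(orphaned_members "$tmp/group" "$tmp/users")"
    rm -rf "$tmp"
}
demo
```

On a live server, pass the output of `stat -c '%a %U %G' /usr/bin/gcc` to `classify_gcc`, and run `orphaned_members /etc/group /var/cpanel/users`. Any name it prints was added to the group outside the interface.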
