This is a security vulnerability which needs patching, or a solution offered to harden my install.
I’ve been running CyberPanel for a week now on Ubuntu 20.04 LTS. Today I wanted to test the domain SSH: through the control panel I added a website, and in its sub menu I created SSH access to the website. As expected, I got access to what was in my website’s part of the server. I have open_basedir_protection enabled.
However, when I run the command cd .. to try to go up a directory, I get permission denied (which is good), but it does go up a level to “home”. When I try this step again (cd ..) it goes into the working directory of the server. (This is bad.) I tested going to the folder etc, which it allowed, and then to edit the hosts file with nano, which it also allowed.
I see this as a big security risk: this lower-level user, which doesn’t have sudo rights (double checked), can access upper-level server folders and files and can, with a text editor, edit files on the server. This could mean that if you were hosting other people’s websites on your server, or someone gained access to the main CyberPanel control panel, they could create an SSH user on one of the websites, and then potentially wreak havoc on your server.
Hi, I used the command “cd ..”, not directly asking for the directory like your screenshot’s “cd /home”.
Note that in pink in your code your user did go to the home directory, and if it was denied this, it shouldn’t go up, should it?
Yes, I can confirm what you say: I can’t edit the file; it says unwritable using nano.
0 updates can be applied immediately.
Last login: Sat Mar 26 20:51:57 2022 from
chris7969@domserver:~$ cd ..
chris7969@domserver:/home$ ls
ls: cannot open directory '.': Permission denied
chris7969@domserver:/home$ cd ..
chris7969@domserver:/$ ls
bin dev lib libx32 mnt root snap tmp webadmin.csr
boot etc lib32 lost+found opt run srv usr
cyberpanel.swap home lib64 media proc sbin sys var
chris7969@domserver:/$ cd boot
chris7969@domserver:/boot$ ls
config-5.4.0-104-generic System.map-5.4.0-104-generic
config-5.4.0-105-generic System.map-5.4.0-105-generic
grub vmlinuz
initrd.img vmlinuz-5.4.0-104-generic
initrd.img-5.4.0-104-generic vmlinuz-5.4.0-105-generic
initrd.img-5.4.0-105-generic vmlinuz.old
initrd.img.old
chris7969@domserver:/boot$
But an SSH user that was supposedly created for one domain only, that should be in its own container, can see other users by running cat /etc/passwd. I don’t think I’ve set this up right, or there is something not set up right in the code.
Oh I see, I haven’t enabled CageFS on the system. That should fix it, right?
Could that just be built into the install process? It seems a simple yet big security risk.
Umm, well, maybe not. I’m running Ubuntu, not sure how to install it on this op,
“Set up SSH access and enable/disable CageFS for 111111111.com. CageFS require CloudLinux OS.”
If you want each user in its own container, then for sure you need CloudLinux and CageFS; what you are seeing above is normal Linux behaviour.
However, CyberPanel won’t let you enter directories of other websites, which is how it should be. This way, even without CloudLinux and CageFS, if one website is hacked, they can’t hack into other sites.
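The separation described in the reply above rests on ordinary file permission bits, so it can be audited from a root shell. The script below is an added example, not part of the thread or of CyberPanel's code; it assumes each site's home is a directory directly under /home (as the session above suggests) and GNU stat, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the permission bits that keep site users apart.
# Assumption: each website's home is a directory directly under the base
# directory (default /home). Requires GNU stat (coreutils, as on Ubuntu).

# Print the "other" permission digit (0-7) of a path.
other_bits() {
    mode=$(stat -c '%a' -- "$1") || return 1
    # Last character of the octal mode is the digit for "other" users.
    echo "${mode#"${mode%?}"}"
}

# List site homes that users outside the owner and group can read or enter.
# Output: one line per finding, "<path> other=<digit>"; nothing if clean.
exposed_homes() {
    base=${1:-/home}
    for dir in "$base"/*/; do
        [ -d "$dir" ] || continue          # glob matched nothing
        dir=${dir%/}
        if [ -L "$dir" ]; then continue; fi # skip symlinks
        bits=$(other_bits "$dir") || continue
        if [ "$bits" -ne 0 ]; then
            echo "$dir other=$bits"
        fi
    done
}

# Succeeds (0) when other users cannot list the base directory itself,
# which is what "ls: cannot open directory" in /home corresponds to.
base_listing_blocked() {
    bits=$(other_bits "${1:-/home}") || return 2
    [ $(( bits & 4 )) -eq 0 ]
}

# When called with a directory argument, print a short report.
if [ "$#" -gt 0 ]; then
    if base_listing_blocked "$1"; then
        echo "ok: $1 is not listable by other users"
    else
        echo "warn: $1 is listable by other users"
    fi
    exposed_homes "$1"
fi
```

Run it as `sh audit.sh /home`; any line ending in `other=<digit>` names a site home that another site's SSH user could read or enter.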
Thanks for helping. Yes, you may have, but I got up early on Sunday, did the post, got distracted, and went to church, got home, and did stuff with my wife, and only checked in later that night. So, um, well, let’s say I was concerned about it, but not in duress, and just wanted to flag it, as I thought it should be more containerized. I’m pleased by usmannasir’s explanation, and I can sleep easy about it.