Using this interface you can prohibit your user from accessing the C and C++ compilers on your server. This will help you protect your server from malicious elements that seek to exploit vulnerabilities present in the compilers. 

 

Managing compiler access

Select the Enable Compilers option to activate access to the compilers for all unprivileged users. In order to disable the compilers for the unprivileged users, you can select the Disable Compilers option.

 

You can perform the steps outlined below if you want to provide compiler access only to a specific number of users:

  1. Click on the option Allow specific users to use the compilers.
  2. From the list of users on the Add a user to the compiler group menu, select your preferred user.
  3. Select the option Add to Group in order to add that particular user.

 

Run the following steps if you want to remove compiler access from a user:

  1. From the list of users on the Remove a user from the compiler group menu, choose your preferred user.
  2. Select the Remove from Group option to remove that particular user.

 

How does this feature work?

The /usr/bin/gcc file enjoys the following permissions given below when the compiler access is activated:

permissions user group
-rwxr-xr-x root root

 

When compiler access is deactivated, the permissions of the /usr/bin/gcc file changes to the following:

permissions user group
-rwxr-x— root compiler

 

Within the compiler,  the group is contained the cPanel user and other users that have been added to the Allow specific users to use the compilers menu.

 

Warning:

If you find that a user has appeared in the compiler group but that does not have any associated cPanel account, it means that the /etc/group file has been edited by someone and that user has been added.

If the compiler access is activated for everyone after the compiler access is disabled, the group information does not The system will, however, grant everyone permission to read and execute the /usr/bin/gcc file.

If compiler access is disabled again, the compiler group’s membership must be examined. If the compiler group has not been edited by anyone, you can still find users that have had access to the compilers the last time access has been disabled.

 

Cette réponse était-elle pertinente? 0 Utilisateurs l'ont trouvée utile (0 Votes)