IMPORTANT NOTE: This document is based on CentOS, Red Hat Linux
7.3, Enterprise and FreeBSD. The concepts should be similar across operating
systems, but the commands will very likely be different.
Also, never assume the directory structures exist in your system
as written in the document. Never blindly follow security
instructions -- read, review, compare, apply as it fits your
system.
Granting shell user access in a shared environment is
extremely dangerous. Think of it like having an
open-door policy for your house. Sure, you may have rooms locked
and important belongings in safe areas; however, the strangers coming into
your home can learn about what you have and what you do not have, and use
that knowledge against you.
Furthermore, especially on the Internet, you have no
knowledge or control over who is sharing what information with whom.
Your most trusted customer may have shell access, but you don't know what
they write down, who can see what they write down, and what information
they share with whom.
If you absolutely must provide shell access, here are
some common-sense guidelines to increase the level of protection:
- Moderate all shell requests.
- Require the requestor to provide a copy of their
passport (best case) or driver's license.
- Get their complete contact information (name,
company, address, phone number, etc.).
- Verify that all of the
information they provided is correct, and that the information matches the
person requesting shell access. Your verification should go beyond
making sure the address and phone number are correct, as documents can be
forged. You should contact the appropriate authorities to verify
the accuracy of the document(s) provided (Is the passport real?
Does the state / province that issued the driver's license acknowledge
that they issued that particular driver's license? Etc.)
IMPORTANT NOTE: This document and all
linked documents are being provided as a goodwill gesture to the
Parallels H-Sphere community and to others who may benefit from their use.
Dynamic Net, Inc. makes no representations, implied or explicit,
as to their value or warranty. Dynamic Net, Inc. will not be
held liable for any damage resulting from the application of the
steps and procedures noted. If you feel uncomfortable at
all about doing any of the steps, make a complete system backup
and hire a third party like
We Manage Servers
to do the work for you.