Compiler Access

Compiler Access

This interface allows you to disable your users' access to the C and C++ compilers on your server. This can help you to protect your server from attacks that exploit vulnerabilities in those compilers.

Manage compiler access

To enable the compilers for all unprivileged users, click Enable Compilers. To disable the compilers for all unprivileged users, click Disable Compilers.

If you wish to grant compiler access to specific users, perform the following steps:

  1. Click Allow specific users to use the compilers.
  2. Select the desired user from the Add a user to the compiler group menu.
  3. Click Add to Group.

To remove compiler access from a user, perform the following steps:

  1. Select the appropriate user’s name from the Remove a user from the compiler group menu.
  2. Click Remove from Group.

How does this feature work?

When compiler access is enabled (default), the /usr/bin/gcc file has the following permissions: 

permissions
user
group
-rwxr-xr-x root root

When you disable compiler access, cPanel changes the permissions of the /usr/bin/gcc file to:

permissions
user
group
-rwxr-x--- root compiler

The compiler group contains the cpanel user and any users that you add to the Allow specific users to use the compilers menu.

For more information about Linux file system permissions, visit the Wikipedia's article on File System Permissions.

Warning:

  • If a user appears in the compiler group who does not have a corresponding cPanel account, someone has edited the /etc/group file to add that user.
  • If you enable compiler access for everyone after you have disabled compiler access, the group information will not change. However, the system will grant read and execute permission for the /usr/bin/gcc file to everyone.
  • If you restrict compiler access again, examine the compiler group's membership. If no one has edited the compiler group, it will still contain users who had access to the compilers the last time that you restricted access.
  • 0 A felhasználók hasznosnak találták ezt
Hasznosnak találta ezt a választ?

Kapcsolódó cikkek

Apache mod_userdir Tweak

Apache mod_userdir Tweak The Apache mod_userdir Tweak interface allows you to prevent...

Configure Security Policies

Configure Security Polices The Configure Security Policies interface allows you to configure...

cPHulk Brute Force Protection

cPHulK Brute Force Protection This interface allows you to configure cPHulk, a service that...

Host Access Control

Host Access Control Warning: If you accidentally lock yourself out of WHM when you use this...

Manage root's SSH Keys

Manage root's SSH Keys This interface allows you to add, import, and manage the SSH keys on your...