This interface allows you to disable your users' access to the C and C++ compilers on your server. This can help you to protect your server from attacks that exploit vulnerabilities in those compilers.
Manage compiler access
To enable the compilers for all unprivileged users, click Enable Compilers. To disable the compilers for all unprivileged users, click Disable Compilers.
If you wish to grant compiler access to specific users, perform the following steps:
- Click Allow specific users to use the compilers.
- Select the desired user from the Add a user to the compiler group menu.
- Click Add to Group.
To remove compiler access from a user, perform the following steps:
- Select the appropriate user’s name from the Remove a user from the compiler group menu.
- Click Remove from Group.
How does this feature work?
When compiler access is enabled (default), the /usr/bin/gcc file has the following permissions:
|
permissions
|
user
|
group
|
|---|---|---|
-rwxr-xr-x |
root |
root |
When you disable compiler access, cPanel changes the permissions of the /usr/bin/gcc file to:
|
permissions
|
user
|
group
|
|---|---|---|
-rwxr-x--- |
root |
compiler |
The compiler group contains the cpanel user and any users that you add to the Allow specific users to use the compilers menu.
For more information about Linux file system permissions, visit the Wikipedia's article on File System Permissions.
Warning:
- If a user appears in the
compilergroup who does not have a corresponding cPanel account, someone has edited the/etc/groupfile to add that user. - If you enable compiler access for everyone after you have disabled compiler access, the group information will not change. However, the system will grant read and execute permission for the
/usr/bin/gccfile to everyone. - If you restrict compiler access again, examine the
compilergroup's membership. If no one has edited thecompilergroup, it will still contain users who had access to the compilers the last time that you restricted access.
