Compiler Access  Испечати

Overview:

This interface lets you manage your server’s C and C++ compiler user access. This can help you protect your server from attacks that exploit compiler vulnerabilities.

  • To enable the compilers for all users, click Enable Compilers.
  • To disable compilers for all unprivileged users, click Disable Compilers.

By default, the system enables compiler access. The system also sets the /usr/bin/gcc file to the 0755 permissions and the file’s ownership to the root user. This allows all users access to compilers. For example, the system’s /usr/bin/gcc file might resemble the following entry:

-rwxr-xr-x 2 root root 768648 Aug 6 11:52 gcc

When you disable compiler access, the system changes the /usr/bin/gcc file to the 0750 permissions. The file also maintains the root ownership. However, the system updates the /usr/bin/gcc file to the compiler group. For example:

-rwxr-x--- 2 root compiler 768648 Aug 6 11:55 gcc

Disabling compiler access also creates a compiler group entry in the /etc/group file. The group entry contains the cpanel user, and any users that you add to the Allow specific users to use the compilers list. For example:

compiler:x:989:cpanel,username

Manage Compiler Group

When you disable compiler access, the system displays the Allow specific users to use the compilers setting. When you select this, the system directs you to the Manager Compiler Group interface. Use this interface to manage user access to the compilers.

To grant compiler access to specific users, perform the following steps:

  1. Click Allow specific users to use the compilers.
  2. Select the desired user from the Add a user to the compiler group menu.
  3. Click Add to Group.

To remove compiler access from a user, perform the following steps:

  1. Select the user from the Remove a user from the compiler group menu.
  2. Click Remove from Group.
Warning:
  • When you modify your system’s compiler access, make certain to review the list of users in the Manager Compiler Group interface. The system does not automatically update this list.

  • If the complier group contains a user without a corresponding cPanel account, someone modified the /etc/group file to add that user.

Дали Ви помогна овој одговор?

Понудени резултати

Apache mod_userdir Tweak
Overview: This interface allows you to disable the Apache mod_userdir module’s functionality for...
Configure Security Policies
Overview: The Configure Security Policies interface allows you to configure your security policy...
cPHulk Brute Force Protection
Overview: This interface allows you to configure cPHulk, a service that provides protection for...
Host Access Control
Overview: Warning: For users of CentOS 7, CloudLinux™ 7, and Red Hat® Enterprise Linux® 7 and...
Manage External Authentications
Overview: The Manage External Authentications interface allows you to manage your server’s...