What is the difference between Jailed Shell and Normal Shell?

You are reading this article because you have been granted shell access on our servers and want to know what "jailed shell" is.

For all our shared servers we enable JAILED SHELL. If you require normal shell, then we will ask you to order a VPS or dedicated server for that purpose.

On cPanel servers, there are two types of shell environments available: jailed shell and normal shell (full shell). The main difference between them is the level of access and the environment they provide to users.

1. Jailed Shell

A jailed shell is a restricted shell environment that limits the user to a specific directory (also known as a “chroot jail”). This is primarily for security purposes, as it isolates the user from the rest of the server.

Key Characteristics:

Restricted Access: The user can only access a limited set of commands and directories, typically just their own home directory. This helps prevent unauthorized access to system files and other users’ data.

Chroot Environment: The user sees a simulated root directory, but they are actually restricted to a subset of the file system.

Limited Functionality: Some system commands and administrative tools may not be available, as the user doesn’t have full access to the system binaries and libraries.

Security: It reduces the risk of the user performing harmful actions or accessing sensitive parts of the server, making it a safer option for shared hosting environments.

2. Normal Shell (Full Shell)

A normal shell (full shell) provides the user with unrestricted access to the command line, giving them the ability to traverse the full directory structure of the server and execute all standard Linux commands.

Key Characteristics:

Full Access: The user has full access to all system directories and can execute almost any command, depending on their user privileges.

No Restrictions: Users can move around the entire file system, including system directories like /etc, /usr, and others (though they may not be able to modify or view certain files depending on their permissions).

System Interaction: The user can access system binaries, administrative commands, and potentially run scripts or services that interact with the server’s core.

Summary:

Jailed Shell: Restricted, limited access. Confines the user to a subset of the system, enhancing security in shared hosting environments.

Normal Shell: Full, unrestricted access. The user can interact with the entire server environment (though still subject to their permissions).

In most shared hosting environments, jailed shells are commonly provided to ensure that users cannot interfere with the server’s overall operation or access sensitive files. Normal shells are generally reserved for trusted users or on VPS/dedicated servers where there are fewer security concerns.

In a jailed shell (also known as a chrooted shell) on cPanel servers, the user’s environment is restricted, and only a subset of commands are available. This is done to enhance security by limiting the user’s ability to execute system-level commands that could potentially harm the server or access data outside their own environment.

Commonly Available Commands in a Jailed Shell:

In a jailed shell, users generally have access to basic commands needed for file management, development, and basic system interaction. Some of these commands include:

File Management:

• ls – List directory contents

• cd – Change directory

• pwd – Print current working directory

• cp – Copy files and directories

• mv – Move or rename files

• rm – Remove files or directories

• mkdir – Make a new directory

• touch – Create an empty file or update the timestamp of a file

• chmod – Change file permissions

• chown – Change file ownership (limited to owned files)

Text Editing:

• nano or vim – Command-line text editors (if installed in the jailed environment)

File Viewing:

• cat – View contents of a file

• more or less – Paginate through the contents of a file

• head and tail – View the first or last few lines of a file

Network Utilities:

• ping – Test network connectivity (sometimes restricted)

• curl or wget – Fetch web content (if allowed in the environment)

Development Tools:

• php – Run PHP scripts

• python, ruby – Interpreters for other languages (depending on the server setup)

• git – Version control (if installed in the environment)

System Information:

• df – Display disk space usage

• du – Show disk usage of files and directories

• top or htop – Display running processes (may be restricted to user’s own processes)

• ps – Display process status (usually restricted to user’s own processes)

Commands That Are Typically Restricted or Unavailable:

Since a jailed shell is designed to limit the user’s access to the system, certain commands that can affect the server’s configuration or expose sensitive information are disabled. These usually include:

System Administration:

• su – Switch to another user

• sudo – Run commands with superuser privileges

• service or systemctl – Manage system services

• shutdown or reboot – Power off or reboot the server

• kill – Terminate processes not owned by the user

File System:

• mount or umount – Mount or unmount filesystems

• fdisk, mkfs, e2fsck – Disk partitioning or filesystem checking tools

• ln – Create symbolic or hard links (may be restricted to within the user’s environment)

User Management:

• useradd, usermod, passwd – Manage user accounts and passwords

• groupadd, groupdel – Manage groups

System Info:

• dmesg – View kernel ring buffer messages (restricted)

• ifconfig or ip – Network configuration and interfaces

• netstat – Network connections and listening ports

Package Management:

• yum, apt, rpm – Install or manage system packages

• pip, gem – These tools may be limited in a jailed shell if the system administrator restricts access to package installation.

Custom Command Set:

The exact list of available and restricted commands in a jailed shell can vary depending on the hosting provider and server configuration. Administrators can customize the jailed environment by adding or removing specific commands based on security policies.

Note: Even when commands like php, python, or git are available, they may be limited in their functionality, depending on whether certain libraries, binaries, or dependencies are included in the jailed environment.

In summary, the jailed shell allows basic file management, development, and system interaction, but restricts any actions that could affect the server’s overall security, configuration, or other users.

  • ssh, shell, jailed shell, root shell
  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

I want to transfer my domains/hosting and/or email to JUCRA Digital

You are reading this article because you would like us to take over your domain, hosting and/or...

What DNS Nameservers should I use?

For your hosting at JUCRA Digital, please use the following nameservers. DNS NAME IP...

Why is my site running slow? Understanding CloudLinux LVE Resource Usage

Sometimes we are asked "why is my site running slow" or "why am I getting kicked out of my site"...

My site won't run on php 7+. What versions of php do you support?

You are reading this article because you have a website on our servers and when you switch to PHP...

Enabling HSTS in Cpanel

ABOUT HSTS HTTP Strict Transport Security (HSTS) instructs web browsers to only use secure...