How to Stop Compiler Access on Your Server?

Posted by Allura on 05 02 2018.

 A Brief Overview

The Compiler Access interface allows the user to disable access to the C and C++ compilers on the  server. This can help the user to protect his server from vulnerable attacks on those compilers.

 

Manage Compiler Access

CPANEL has a prescribed procedure to manage compiler access. If the user wishes to enable compiler access he has to click on Enable Compiler Access. Likewise if the user wishes to disable compiler access he has to click on Disable Computer Access.

If the user wishes to grant compiler access to specific users, the following steps need to be performed.

• Click Allow specific users to use the compilers.
• The desired user needs to be selected from the Add a user to the compiler group menu.
• Then Add to group option is to be selected.

To remove compiler access from a user, the following steps need to be performed:

• The appropriate user’s name is to be selected from the Remove a user from the compiler group menu.
• Click Remove from Group.

How does this Feature Work?

When the user enables compiler access (default), the /USR/BIN/GCC file has the following permissions:

permissions	user	group
-RWXR-XR-X	root	root

When the user disables compiler access, CPANEL changes the permissions of the /USR/BIN/GCC file to:

permissions	user	group
-RWXR-X—	root	compiler

The compiler group contains the CPANEL user and any users that you add to the Allow specific users to use the compilers menu.

 

Some Key Warnings:

• If a user appears in the compiler group and does not have a corresponding CPANEL account, it would be imperative that someone has edited the /etc/group file to add that user.
• If the user enables compiler access for everyone after compiler access has been disabled, the group information will not change. However, the system will grant read and execute permission for the /USR/BIN/GCC file to everyone.

If the compiler access is restricted again, the compiler group’s membership should be examined. If no one has edited the compiler group, it will still contain people who had access to the compilers the last time that the user restricted access.

 

Conclusion

The Internet Protocol Address can be accessed as well as access to it can be denied as a result of Host Access Control. The services to which this access can be denied are CPANEL, WHM,    WEBMAIL AND WEBDESK. So compiler access seems to be a very important concept in the arena of CPANEL which should be known by all the users in detail.