In cPanel/WHM by default Apache is run by the same user for all accounts. This can create a security threat if one user’s account is compromised and attacker can gain access outside of the particular user account.
To prevent this, Apache chroot jail is used. This segments Apache vhosts and limits the portion of file systems which can be seen by a user’s Apache daemon.
How to jail Apache cPanel/WHM
- Login to WHM which is usually located at https://IPaddress:2087
- Go to Server Configuration > Tweak Settings > Security
- Find EXPERIMENTAL: Jail Apache Virtual Hosts using mod_ruid2 and cPanel® jailshell and change it to On. Save.
Jail shell access
The next step will be to jail user shell access. And in order to do it:
- Go to Account Functions > Manage Shell Access
- Next to the user instead of Normal Shell, which is selected by default, choose Jailed Shell.
- Changes will be saved automatically.