Cron security for user accounts

I am currently evaluating InterWorx and plan on migrating all of my shared hosting servers to it, but I have a few concerns that I have been unable to find specific answers to. I currently use Ensim Pro, but it does not work behind a DMZ, does not cluster, has expensive support and is too expensive.

My main concerns are with security. With Ensim, I am used to user accounts being jailed to their account directory for shell, Apache and CGI scripts. When I looked at an InterWorx site with cron jobs enabled, I noticed that there were several shell options available for the user to choose from. Is this secure, or is it useless to give users cron job access?

I have successfully tested the jailed shell access and am happy with the results, but when creating a new domain, the shell account is not activated by default. Is there a way to have it activated when the account is created in a chroot environment?

Is the default InterWorx install secure with respect to Apache, i.e., is it jailed to the user account also? If not, is there an easy way to do this?

Does InterWorx work with mod_security?

Thank you for your time.

The options available from the Cron interface in SiteWorx are: Mailto, Path, and Shell. Those are the standard variables available to a user when setting up their own cronjobs. If you give a user shell access (even jailed shell access) they would be able to set their own cronjobs and set these variables themselves. Giving a user access to cron is a security risk on any machine, regardless of the control panel you are running, as it gives users access to binaries on the system. If you are concerned about security, you will need to take additional steps to secure the binaries on your system.

No, there isn’t a way to have a shell user activated automatically on SiteWorx account creation.

In the default setup, all site files on the server will be readable by the Apache user. You could use something like suPHP to get around this. Check the forums, as there are others who have set this up.

It should, and I believe we have a couple boxes of our own using mod_security, but I’d have to double-check to be sure.
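
An added example (not part of the original thread and not InterWorx code): a small audit of a user's crontab text that flags the `SHELL` and `PATH` variables discussed in the reply when they fall outside a policy. The jailed shell path, the allowed directories and the sample crontab are assumptions constructed for illustration.

```python
import re

# Assumed policy (hypothetical values, adjust per server).
ALLOWED_SHELLS = {"/usr/local/bin/jailshell"}  # hypothetical jailed shell path
ALLOWED_PATH_DIRS = {"/bin", "/usr/bin"}

# A crontab variable line is NAME = value; job lines start with a digit, * or @.
ENV_LINE = re.compile(r"^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$")


def audit_crontab(text, allowed_shells=ALLOWED_SHELLS, allowed_dirs=ALLOWED_PATH_DIRS):
    """Return (line_no, variable, value, problem) for SHELL/PATH settings outside policy."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        match = ENV_LINE.match(line)
        if not match:
            continue  # blank line, comment or job entry
        name, value = match.groups()
        # cron strips one pair of matching quotes around the value
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            value = value[1:-1]
        if name == "SHELL" and value not in allowed_shells:
            findings.append((line_no, name, value, "shell-not-allowed"))
        elif name == "PATH":
            for entry in value.split(":"):
                if not entry.startswith("/"):
                    # "." or an empty entry makes cron search the job's working directory
                    findings.append((line_no, name, entry, "path-relative-entry"))
                elif (entry.rstrip("/") or "/") not in allowed_dirs:
                    findings.append((line_no, name, entry, "path-dir-not-allowed"))
    return findings


# Constructed sample crontab, not taken from a real account.
SAMPLE = """\
# jobs for a hosting account
MAILTO=user@example.com
SHELL=/bin/bash
PATH=/usr/bin:/home/user/bin:.
*/5 * * * * php -q /home/user/cron.php
"""

if __name__ == "__main__":
    for finding in audit_crontab(SAMPLE):
        print(finding)
```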