Disabling compiler access in WHM prevents unprivileged users from compiling C and C++ code on your server. Attackers can use compilers to build malicious tools or to exploit vulnerabilities on the server. By default, compiler access is disabled on cPanel servers. Disabling it is a recommended security hardening step for production servers.

Step 1: Log in to WHM

Open your browser and navigate to https://your-server-ip:2087. Enter your root credentials to access the WHM dashboard.

Step 2: Navigate to Compiler Access

In the left-hand sidebar, go to Home » Security Center » Compiler Access.

Step 3: Disable Compilers

Click the Disable Compilers button. This will restrict compiler access to root and any specific users you allow.

Step 4: Save Changes

Click Save to apply the change.

How This Works

  • When compilers are enabled, the /usr/bin/gcc file has 0755 permissions, allowing all users to compile code.
  • When compilers are disabled, the system changes /usr/bin/gcc permissions to 0750 and assigns it to the compiler group, preventing unprivileged users from compiling.
  • A compiler group is created in /etc/group containing the cpanel user and any users you specifically grant access to.

Allowing Specific Users to Use Compilers

If you need to grant compiler access to specific users after disabling it:

  1. Click Allow specific users to use the compilers on the Compiler Access page.
  2. Select the desired user from the Add a user to the compiler group dropdown menu.
  3. Click Add to Group.

To revoke access, select the user from the Remove a user from the compiler group dropdown and click Remove from Group.

Important Notes

  • This is a server-wide security setting that affects all accounts.
  • Disabling compilers helps protect against attacks that exploit compiler vulnerabilities.
  • After modifying compiler access, always review the list of users in the Manage Compiler Group interface. The system does not automatically update this list.
  • If you find a user in the compiler group without a corresponding cPanel account, someone may have manually modified the /etc/group file.

Troubleshooting

  • A legitimate user reports they cannot compile code: Add them to the compiler group using the Manage Compiler Group interface.
  • Compiler access re-enabled after update: Verify the permissions of /usr/bin/gcc using ls -la /usr/bin/gcc. If permissions are 0755, disable compilers again.
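
The checks described under Important Notes and Troubleshooting can be scripted. The following is an added example, not part of the original article or of cPanel itself: it classifies /usr/bin/gcc by mode and group owner and lists compiler group members that have no cPanel account. It assumes /var/cpanel/users holds one file per cPanel account; the function names are illustrative.

```bash
#!/bin/bash
# Added example: audit the state the Compiler Access page is described as setting.
# Assumption (not from the article): /var/cpanel/users has one file per cPanel account.

# Print the members of the "compiler" group, one per line.
compiler_members() {   # $1 = group file
    awk -F: '$1 == "compiler" {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
    }' "$1"
}

# Print members with no matching cPanel account file.
# "cpanel" is skipped: the article says that user belongs to the group.
orphaned_members() {   # $1 = group file, $2 = cPanel users directory
    compiler_members "$1" | while IFS= read -r user; do
        [ "$user" = "cpanel" ] && continue
        [ -f "$2/$user" ] || printf '%s\n' "$user"
    done
}

# Classify gcc from its octal mode and group owner.
gcc_state() {          # $1 = mode as printed by stat (e.g. 750), $2 = group name
    case "$1" in
        750) [ "$2" = "compiler" ] && echo disabled || echo unexpected-group ;;
        755) echo enabled ;;
        *)   echo unexpected-mode ;;
    esac
}

audit() {              # $1 = gcc path, $2 = group file, $3 = users directory
    if [ -e "$1" ]; then
        echo "gcc: $(gcc_state "$(stat -Lc '%a' "$1")" "$(stat -Lc '%G' "$1")")"
    else
        echo "gcc: not installed"
    fi
    echo "compiler group: $(compiler_members "$2" | paste -sd, -)"
    orphaned_members "$2" "$3" | sed 's/^/no cPanel account: /'
}

# Nothing runs unless the script is started with --audit (as root, on the server).
if [ "${1:-}" = "--audit" ]; then
    audit /usr/bin/gcc /etc/group /var/cpanel/users
fi
```

A result of "enabled" after an update means compilers need to be disabled again; any "no cPanel account" line points to a manual edit of /etc/group.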