Search Our Database

How to manage shell access in WHM

Last updated on Jun 23,2025 |

under

Control Panel User Management, cPanel, User Configuration & Management, cPanel

by Irfan Marsidek

Introduction

Shell access in WHM provides users the ability to interact with the server through command-line tools like SSH. Depending on your hosting setup and the user’s needs, WHM allows you to assign one of three shell access levels: Normal Shell, Jailed Shell, or Disabled Shell.

Each option comes with a different level of permission and security exposure. While shell access can be useful for developers and system administrators, it can also pose serious security risks if given to the wrong users. This section explains each shell type, when to use them, and the importance of granting access responsibly.

Prerequisites

Access to WHM
Acknowledge the risk of unsupervised shell access

Step 1: Log into WHM

You need to log into WHM

Step 2: Search for Manage Shell Access

As you reach the homepage, use Search Bar on the top right to search for Manage Shell Access. Then, click on Manage Shell Access.

Step 3: Review/modify shell access

As we reach the Manage Shell Access, we can view the shell access for every cPanel users. There are 3 kind of shell access :

Normal shell : Full, unrestricted shell access. User can access the full file system (within permission limits).
Jailed shell : Restricted shell environment (chroot-like) that confines the user to their home directory and limited safe commands.
Disabled shell : No shell access at all. The user cannot log in via SSH or run shell-based cron jobs directly.

Important Note ⚠️: Granting shell access (especially Normal Shell) gives users powerful control over the server environment. This includes the ability to execute system commands, run scripts, interact with files, and potentially access sensitive areas of the system. Only grant shell access to trusted and technically competent users who specifically require it for development, debugging, or advanced server tasks.

Step 4: Test it out (optional)

You may check on cPanel if your modification takes effect. First, you need to access the cPanel as a user. Then, use the Search Bar on top right to search for Terminal. If the shell access for the user is either Normal or Jailed, the Terminal option will appear. Otherwise, you will not be able to find it.

You may test out the terminal

Important Note ⚠️: Cron jobs can still work even when shell access is disabled, as long as the script being run does not depend on shell-specific features or permissions

Conclusion

Shell access is a powerful feature that enables users to perform advanced tasks — such as managing files, running scripts, or using developer tools — but it also opens the door to potential misuse or accidents.

To maintain server security and stability:

Grant Normal Shell only to highly trusted users who need full access.
Use Jailed Shell to restrict users to a safe environment when limited command-line access is necessary.
Choose Disabled Shell for standard users who only use web applications, email, or FTP.

Even though some tasks (like cron jobs) may still function with shell disabled, always evaluate the real need for shell access before enabling it. Assigning shell access should be treated as a privilege, not a default.

Should you have any technical inquiries, feel free to contact us at support@ipserverone.com.