Multiple cPanel Logins (cPanel Subusers) [Case 44353]

[cPanelDavidG]

Is there any ETA for this?

Not yet, this remains in the planning stages.

[pthirose]

I'd definitely vote for this one. Dunno who'd vote against it. For me, this one's more important than "Clone Server Configuration [Case 42206,52043]" (as much as I may have been griping in my office while I went on a click-fest across two windows.)

I'd be ok seeing this feature happen in stages. The first run-through had fairly fixed roles, and later came some added requests to make it fully RBAC so any "subuser" could get granted access in any mix-and-match method. While I fully endorse this end-goal, if we can get even a fixed role and access-list based method is say 11.36 and full RBAC in 1.40, I'd be ok w/that. For me, I'd rather get what I can sooner, than all of it later. Given this thread started in 2008, I'd rather have partial implementation now

PH

[lbeachmike]

I'd definitely vote for this one. Dunno who'd vote against it. For me, this one's more important than "Clone Server Configuration [Case 42206,52043]" (as much as I may have been griping in my office while I went on a click-fest across two windows.)

I'd be ok seeing this feature happen in stages. The first run-through had fairly fixed roles, and later came some added requests to make it fully RBAC so any "subuser" could get granted access in any mix-and-match method. While I fully endorse this end-goal, if we can get even a fixed role and access-list based method is say 11.36 and full RBAC in 1.40, I'd be ok w/that. For me, I'd rather get what I can sooner, than all of it later. Given this thread started in 2008, I'd rather have partial implementation now

PH

No way - clone server is much higher on my list than multi-user! But I'm a big +1 for both.

mrk

[skyknight]

+1

although this is great feature, but this feature will cause pain. Some client will blame host master for changing made by virtual login. To solve it, what is done by virtual login must be notified via email to each other or logged.

[monarobase]

I agree that a log visible in cPanel that lists all changes to an account with all the changes that have been applied and the username of the person who made them would be great, but its possible that cPanel would prefer that this be treated as a separate feature request.

I'm not for an e-mail being sent each time, but for a log that the main cPanel user could check, why not !

[Kent Brockman]

I agree that a log visible in cPanel that lists all changes to an account with all the changes that have been applied and the username of the person who made them would be great, but its possible that cPanel would prefer that this be treated as a separate feature request.

I'm not for an e-mail being sent each time, but for a log that the main cPanel user could check, why not !

I agree. May this be taken in account for the current feature request?

[cPanelDavidG]

I agree. May this be taken in account for the current feature request?

All activity for existing and new features that are added are logged to /usr/local/cpanel/logs/access_log

As for changes to virtual accounts, if this was likely wouldn't we have run into this problem with other virtual users like webmail users, FTP users, WebDisk users and Database users already? Are are there unique circumstances here that I'm not properly considering?

[Kent Brockman]

All activity for existing and new features that are added are logged to /usr/local/cpanel/logs/access_log

Yep, but you must agree that analyzing the log trying to lookup the activity in a given account is quite annoying.
I know, we may be going off topic for this request..

As for changes to virtual accounts, if this was likely wouldn't we have run into this problem with other virtual users like webmail users, FTP users, WebDisk users and Database users already? Are are there unique circumstances here that I'm not properly considering?

If multiple logins will be treated the same way, then it should be ok.

[cPanelDavidG]

Yep, but you must agree that analyzing the log trying to lookup the activity in a given account is quite annoying.
I know, we may be going off topic for this request..

One thing to keep in mind is we format that log so it uses Apache's format for web logs. This means anything that can help with processing Apache logs can do the same thing with cpsrvd logs. Something to consider in addition to the traditional method of just grep'ing at the command line .

[mikelegg]

I just had a request for this functionality from one of my customers.

They want to be able to give their marketing department access to the stats, but not anything else.

For now we're just going to give the marketing department the direct url to AWstats and hope that they don't work out that the username/password will also get them into cPanel & FTP. It's the marketing department, so I don't think we need to worry too much

[crazyaboutlinux]

yesterday night i have received for this functionality from one of my customers. So i have searched in Google & got this link

so obviously 1 vote for this feature

eagerly waiting........

[Gareth-AWD]

A massive +1 for this please. Get it off the planning stages and get it done, everyone wants it

[lbeachmike]

Agreed, and also for the functionality there should be some additional considerations of what users are consistently asking for.

I have users often complain that they have two many logins, between their cpanel account, their email account, and their billing system login - some get confused by this or just want to see more simplicity.

So, perhaps rather than having unique cpanel logins, the entire login structure can be associated with email addresses. In that way, every email user has an email address and password - and those that have additional privileges would simply be able to use the very same login credentials.

This would immensely simplify matters for all parties.

Existing cpanel account credentials could be retained, but going forward, associating everything with an email address would make for great simplicity all around.

Thanks.

mrk

[electric]

If your providing someone with a limited sub-account I can see no reason why they would need ANY form of SSH access. If they need SSH then you should be able to trust them with the whole account IMHO.

That's exactly what I was thinking. The "sub-account" users should be simple virtual users. No need to give them ssh. If ssh is needed.. then that opens a whole new can of worms since they would then have access to the entire /home folder, etc.

In other words, we're not looking for a recreation of the entire operating system's users functionality. We just want to have new (virtual) cpanel users that have access to some areas but not others.

So every (virtual) cpanel user would actually "run" as the master cpanel user for the account. This way, very little changes are needed in the back-end permissions system. The virtual user system simply would run on top of the existing system. (ie: Have a virtual user mapping file to current cpanel user.

Thanks.

[lbeachmike]

That's exactly what I was thinking. The "sub-account" users should be simple virtual users. No need to give them ssh. If ssh is needed.. then that opens a whole new can of worms since they would then have access to the entire /home folder, etc.

In other words, we're not looking for a recreation of the entire operating system's users functionality. We just want to have new (virtual) cpanel users that have access to some areas but not others.

Agreed.

mrk