LinkBack URL
About LinkBacksIs it possable to use WHM to create multiple cPanel accounts for the same domain. I have a person who wants an account for him, and one for his IT Guy?
Multiple cPanel Logins (cPanel Subusers) [Case 44353]
Is it possable to use WHM to create multiple cPanel accounts for the same domain. I have a person who wants an account for him, and one for his IT Guy?
cPanel does not support this functionality at this time. However, here is a related feature request you can vote for: <<Moderator Redacted: Bugzilla is no longer used for feature requests, please vocalize your support by posting to this thread instead>>Originally Posted by KMyers
In the meantime, you can assign the IT Guy a FTP account from that cPanel account so they can FTP upload/download as needed. For database management, they can install their own copy of phpMyAdmin. However, they should be sure to password-protect that directory to ensure only they have access to that interface.
Last edited by cPanelDavidG; 07-08-2010 at 10:46 AM.
Multiple logins for same account
After dealing with the historical controversy of "showing statistics only" to a cpanel user, and after solving it creating a customised theme/package/feature list, I think it would be GREAT to add the possibility of multiple logins for same account, ps:
We have 1 account ("account23") which can be accesed with different purposes:
- user account23: Full access. default
- user stats23: Visibility restricted to web statistics
- user mail23: Mail management ONLY
Won't be useful?
Update: Same request was done here: <<Moderator Redacted Link: Thread merged into this one>>
Vote for it!!!: <<Moderator Redacted Link: Bugzilla is no longer used for feature requests, please vocalize your support via this thread instead>>
Cheers!!!
Last edited by cPanelDavidG; 07-08-2010 at 10:49 AM.
I have merged that thread into this feature request. Note, support for this functionality should be vocalized on this thread as Bugzilla is no longer used for feature requests.
These additional cPanel users, should they also be Unix system users or should they be "virtual" users, like FTP accounts and email accounts where they have their own usernames and passwords but are not Unix system accounts (thus, no possibility of shell access).
I know some systems that have implemented this use a username@domain login to avoid the problem posed by potentially duplicate usernames. For example, what if account24 also wanted to create a username stats23 (admittedly: stats23 is a bit of a weird example, but common terms like webmaster would be likely to be duplicated by many users)? Note, this would require that these additional users be virtual users rather than Unix system users.
Control Panel sub users / User Feature Manager
My apologies if there is already a similar request in which I could not locate.
We currently make use of rvskin's User Feature Manager to let customers create sub-logins to the control panel showing only relevant features / sections.
This is however limited in various respects (which I won't detail here to keep the discussion on topic) and is rather cumbersome for users to initially understand. Ideally we'd like to see a more streamlined version of this introduced into cpanel itself.
It is very common now for customers from larger enterprises to want to define sub users for departments within their organisation, such as marketing that only has access to statistics sections etc.
From our experience, the feature should:
+ Allow the main control panel user to create sub logins with defined levels of access to various control panel sections and features.
+ Each account should be able to have settings for FTP / Web Disk independent of the main system user (I release this may be non trivial and is discussed in part elsewhere
+ Be secure. By this I mean that when logged into the control panel sections the sub user shouldn't be able to see are not just hidden through JS or similar.
Interested to see what others have to say
I have merged your feature request with the existing feature request for this functionality. I have also updated the thread title of the existing thread to make it easier to locate.
Can you can backtrack to my prior post on this newly merged thread and elaborate on how those issues should be addressed? Feedback would be appreciated.
In at least our case, shell access itself is unimportant as we don't allow it, however would I be right in thinking that the sub users not being system users would prevent the use of SFTP? The less difference between the abilities of the main cpanel user and those that can be granted to any sub users as desired by the hosting account owner the better...
While it would indeed be 'nice' to have the virtual user format username@domain for the reason you specify I'd be more concerned that the necessary granularity / features and security is present.
+1 for this one too.
We would love to be able to add sub-users, at least for our business users.
I had (many) cases where the administrator refuses to give access to cpanel to someone that cares for the email accounts for example because of the lack of sub-users.
I would spread the subusers into categories (like ftp - for the website administrator = he would have access to the "Files" menu, mail - for the mail administration team = he would have access to the "Mail" menu, etc...), or maybe when adding a sub-user, to have a lick and tick the options what access do you want to give to this new user in the cpanel.
Sounds great, id go for the Create sub-user -> Tick boxes for permissions route.
Also with regards to SFTP, I would have thought - as as far as I am aware FTP etc is all done via Virtual users anyway it should be possible to allow subuser@domain.com to have SFTP access.
FTPS (FTP over TLS) is done using the FTP Daemon, which supports virtual users.
SSH File Transfer Protocol (SFTP) is done via SSH, not FTP. SSH, in its current implementation in cPanel/WHM environments, only accommodates system users, not virtual users.
Apologies, my mistake S on wrong side...
Even so I don't see this as a problem myself... If your providing someone with a limited sub-account I can see no reason why they would need ANY form of SSH access. If they need SSH then you should be able to trust them with the whole account IMHO.
+1
+1
Im actually trying to find something to do this right now. Ive got 1 website account, I need to create a subuser with a specific feature package, to administrate email accounts
Currently we do have ssh access disabled for client accounts, but some users make use of SFTP for file transfer, either for security or policy reasons. Oddly enough I don't recall that we've been asked the question "how come we get SFTP but not ssh access" although I suppose ymmv. I agree that if it can't be done, it shouldn't stop the feature request, but I can perhaps see a certain subset of users being surprised if they're used to transferring files in this manner via an FTP client (and don't even think of it as a form of ssh) and it's missing when they create a sub account for marketing or whoever.
Call for Comments
Let me know if this below report accurately summarizes what you desire:
Support For cPanel Subusers
Small cPanel account owners may want to delegate specific tasks to be performed by somewhat trusted individuals but without full access to the cPanel interface. Reasons for this can include the following hypothetical situations:
- Small Businesses having a secretary, giving the secretary access to just creating and removing email accounts but not to editing the company's website.
- Web Designers that guarantee their work not wanting their hosting customers to re-code their website themselves then accuse the Web Designer of poor coding.
- A Small Business Owner that wants to delegate full access to the cPanel interface to a contractor, but be reliably able to revoke that access in the event that contract is terminated.
The features available to these subusers should be filtered using a utility identical to or very similar to Feature Manager and Feature Lists.
Subusers (which would very likely be virtual users) would have a login of username@domain similar to FTP virtual users and Email virtual users. The ability for matching user capabilities such as SFTP access could eventually be accommodated by features already being worked on like version 11.34's Pluggable Authentication.
