cPanel User Feature Manager security risk

[Robolovsky]

Here is my problem. I have a hosting account with a provider using cPanel. I need to set up a secondary user for the email admin and have done this, assigning him the role of Email_maintainer with no FTP access.

In order for him to be able to log in to the cPanel, he first has to use my master login credentials and then his own username and password.

This is surely a security risk as he then has my master login details. Although he cannot use these to access any cPanel areas that are outside of his assigned roll, he could use my login to gain FTP access to my site files via a third party FTP client.

The flaw in the system seem to be that he is required to use my master login before he can enter his own login. Unless I am missing something here, there appears to be no way around this dilemma.

I have tried disabling FTP access for the main account and then creating a Webmaster roll for myself with FTP enabled. However the system does not allow any secondary users FTP access if the main user account has this disabled. Very frustrating.

I am hoping that someone out there may be able to solve this but I fear it is something that would have to be addressed by the developers

[Infopro]

There is no way that I know of to add a secondary user account to maintain email, or anything else inside a cPanel account.

[Robolovsky]

There is no way that I know of to add a secondary user account to maintain email, or anything else inside a cPanel account.

Well it's quite easy, you just go to Prefererences, User-Feature manager and turn the feature on.

You can then add new users with limited or full access. They have their own login but they also have to use your master login to access the secondary user login.

[Infopro]

Well it's quite easy, you just go to Prefererences, User-Feature manager and turn the feature on.

You can then add new users with limited or full access. They have their own login but they also have to use your master login to access the secondary user login.

Please be more specific about where this area is located, please. I'm low on coffee today. Where is this Preferences > User Feature Manager at exactly?

[Robolovsky]

Please be more specific about where this area is located, please. I'm low on coffee today. Where is this Preferences > User Feature Manager at exactly?

Well in my cPanel, "Preferences" is the first horizontal box at the top of the page. User-Feature manager is the last icon in that box. I know that web hosts can set these up any way they want so maybe you don't have that feature on yours.

[Infopro]

Well in my cPanel, "Preferences" is the first horizontal box at the top of the page. User-Feature manager is the last icon in that box. I know that web hosts can set these up any way they want so maybe you don't have that feature on yours.

As mentioned, there is no way to add a secondary user that I'm aware of. This sounds like something your host has added as you mentioned, so thats where you'll need to seek assistance with this issue.

Sorry I can't help more than that, no experience with that feature.

[Robolovsky]

As mentioned, there is no way to add a secondary user that I'm aware of. This sounds like something your host has added as you mentioned, so thats where you'll need to seek assistance with this issue.

Sorry I can't help more than that, no experience with that feature.

I have done some digging and discovered that this feature appears to be part of a skin management system for cPanel called RVSkin (cPanel Theme - RVSkin, a great experience for you, reseller, and clients).

I have taken up the query with them.

Thanks for trying.

[reactorh]

Well it's quite easy, you just go to Prefererences, User-Feature manager and turn the feature on.

You can then add new users with limited or full access. They have their own login but they also have to use your master login to access the secondary user login.

So this feature is worthless cause i dont wanna to give my credentials to a limited user....