Multi Level root access?

[stgift]

I am not sure if this is the place to post this but here it goes.... Are there any plans to come up with multi level root access so the users if whm would be able to lock out certain features such as password modification to the root?

The reason I am asking is this... I have employees to help provide support to my customers it would be nice if I could lock out certain features so my employess could not do things to lock me out... This has never happened but you never know it could happen in the future as we bring on new team members.

so a nice feature would be if I could assign multiple root user ID's and passwords so that I could block certain root features so that my employess did not have access to all the features in the root.

[HH-Steven]

In a way it can be done now.

Ive managed to do it with a few of my team members.

The only way ive come across of doing it is to :

1) Create a new account for each team member (teammember.yourdomain.tld)

(chances are theyll have free hosting with you anyway)

2) give each team members account reseller status and just individually modify there reseller priveleges for the features / access you wish each team member to have.

ive managed to split my team up into sections depending on there knowledge etc, but of course im the only one with :

Server Setup
Service Configuration
Reseller Centre (restricts them from changing there own privleges)

which in turn does prevent a team member changing the root pass and locking me out.

Not the ideal way i know but it seems to work ok.

[MikeChristopher]

thats exactly what i do - its the easiest way plus you get control on which sites they can be in control of so they dont mistakenly do anything in the main accounts.

[kris1351]

There is a great program called sudo. It will only allow you set administration rights to certain accounts where they execute root commands in the manner of sudo rm <file> and it will log each command they run as sudo. You can also make it so only certain users can run sudo su - and gain access to root. You can actually disable their normal su - command where it can only be run via sudo.

It is a great program and a great extra level of security. It is really nice to see the logs when something goes wrong on a server. It also will give you the ability to have less trusted admins do what you want to do. The only downside is Cpanel still has not figured out how to implement something similar with WHM. I hate hate hate how you have to log into WHM with root, this is about the silliest thing I have ever seen.