Separate names with a comma.
Discussion in 'User Experience' started by pera123, Jan 19, 2015.
Can we somehow restric cPanel admin from reading emails from all users?
As a root user in Linux it is impossible to keep the files hidden from the root user. You may do things to make it harder for the user to see but the root user owns all.
I would recommend getting a VPS if you would like to keep these files hidden.
By cPanel admin do you mean the account owner OR the server owner ?
Account owner. We are small company who have web site. Up till now we have managed cPanel, database, Phpadmin, emails, databases, all... Now we need to hire a person to do that because business is expanding. In and that person will be able to read all company emails. Which is very strange for me.
I would like to allow person to do things what admin should do, manage server, logs, database, site etc. but not to be able to read all emails and not to be able to send email. Which could be even worse.
i understand that it is trust issue and that we should hire person which we trust and to have a good contract, but if it is available I would like to take preemptive measures, not deal with conveniences.
if the person has access to the whole server with root privileges, he will be able to read the emails and create new accounts to send emails. Unfortunately, you cannot restrict him with this access.
But not even that admin can create new email account, admin can log in in existing account and send emali as CEO, for example. So, in imaginary situation, admin can log in as CEO, write email to bank, as for new password, receive that password in CEO email and log in in official company bank account and do some transactions. Just because he is website administrator.
Is this sounds reasonable?
He won't be able to access the email account unless he has cPanel and email account's password. If you do not share with him he cannot send an email from that email address. Not unless he changes the password.
It's more about selecting a right person & trust.
Are you sure about that. I just got cleaned browser, log in in cPanel, go to email, pick one, go to More dropdown and click Access webmail, then pick Roundcube and voild - I am in without providing email account password.
In that case you can set Accounts that can access a cPanel user account to cPanel User Only. However, it can be changed at any time. Other than this you cannot restrict anything if you provide root privileges to the admin.
This is also discussed on the following thread:
Webmail Login Behavior
You may want to consider hosting your email on a remote server or with a service such as Google Apps.