The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Can CPanel please add this password feature?

Discussion in 'General Discussion' started by stftk14, Aug 4, 2003.

  1. stftk14

    stftk14 Well-Known Member

    Joined:
    Jul 10, 2003
    Messages:
    52
    Likes Received:
    0
    Trophy Points:
    6
    Hey,

    Would the cpanel devs please consider adding function to WHM that allows the ROOT user to see peoples account passwords? Or is there a mod I can do that will allow me?

    It gets annoying because I create accounts and then people change the passwords, then when I goto check the account to make sure its got valid materials I cannot login and I dont want to reset the peoples accounts.

    How can I make WHM let me see the account passwordS when logged in as ROOT?

    cPanel.net Support Ticket Number:
     
  2. rs-freddo

    rs-freddo Well-Known Member

    Joined:
    May 13, 2003
    Messages:
    832
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Australia
    cPanel Access Level:
    Root Administrator
    It would be unsafe to allow that.

    If you administer the server you have access via shell. If you need to look in password protected areas you can change .htaccess to let you in. You can use root password to access their control panel, mail, stats. You can even use command line to setup a hidden ftp account so you can download from their space.

    You'll have to figure out how to do this, it can be done, but i don't do it myself.

    cPanel.net Support Ticket Number:
     
  3. stftk14

    stftk14 Well-Known Member

    Joined:
    Jul 10, 2003
    Messages:
    52
    Likes Received:
    0
    Trophy Points:
    6
    oh ok thanks a lot. I am using the log into their cpanel with my root password thing.

    cPanel.net Support Ticket Number:
     
  4. imagic

    imagic Well-Known Member

    Joined:
    Jan 16, 2003
    Messages:
    156
    Likes Received:
    0
    Trophy Points:
    16
    Yes, you can get into some things with the root password. But wait until you have a problem with phpMyAdmin. Oops, can't get in with the root password.

    It's hilarious to me that root can change someone's password, but they aren't allowed to see what the current one is.

    I'm sorry, that doesn't make any sense to me.

    Our clients would love it if we didn't have to continually ask them for their password or worse, change it on them (you do know that also changes their main emailbox password too, right?) So, do we we say, sorry, I'm working on your phpMyAdmin problem, you won't be able to get email for however long it takes us. Or do you email them the new password, but they can't get it, because you've changed the password - wuhahahaha.

    Or I know, you could send them an email that says, we're changing your password so we can get into your account. Let us know when you got this email so we can actually make the change. Then, since it's a web designer you're dealing with, they email their client, the end user. They wait to hear back from their client, who is completely alarmed at the idea that their password is going to change and has no idea how to change it in their email client. Then you wait to hear back from the web designer. Then you can go in and correct the problem that would've taken you 5 minutes to fix if you'd had the frickin password to begin with.

    Someone please explain to me how it makes sense that we can go in and change their password, but we can't know the one it is currently. What kind of security is that?

    cPanel.net Support Ticket Number:
     
  5. imagic

    imagic Well-Known Member

    Joined:
    Jan 16, 2003
    Messages:
    156
    Likes Received:
    0
    Trophy Points:
    16
  6. rs-freddo

    rs-freddo Well-Known Member

    Joined:
    May 13, 2003
    Messages:
    832
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Australia
    cPanel Access Level:
    Root Administrator
    The difference between a secure one-way hash and an insecure decodeable password. The correct type of password encrypting is one way hash - it cannot be decoded, yes, I'm saying impossible - that's security. The type of password you want would have to be stored as plain text or as a decodeable encoding (it might as well be plain text).

    You are confusing convenience with security, plain text passwords would be more convenient, but they are a lot less secure.

    You can access people databases by setting up your own phpmyadmin that uses the mysql root. There is never a need to use the customers phpmyadmin. I have been sysadmining my own server for 18 months, if the customer has a problem they want me to check (can't access mail - then they need to provide the password). How else can you properly isolate the cause of the problem!

    cPanel.net Support Ticket Number:
     
  7. NeutralGold

    NeutralGold Well-Known Member

    Joined:
    Jun 5, 2002
    Messages:
    233
    Likes Received:
    0
    Trophy Points:
    16
    Well I get into database just fine using the root user and password. I go to phpmyadmin using one of my cpanel accounts like so,
    https://domain.com:2083/3rdparty/phpMyAdmin/index.php
    It will ask you for the user and password, you just enter the root usr and pass and your all set.. This works for everyone of my server's and I don't see why it won't for any of you..
    On a side note, don't go into the control panel, use that direct link to access it so that it ask for the user and pass..

    cPanel.net Support Ticket Number:
     
  8. Silverado

    Silverado Well-Known Member

    Joined:
    Mar 19, 2003
    Messages:
    154
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Backyard - Poolside
    I don't think it's a good idea to post/show the passwords. It's just as easy to change them back to the default when the account was created. LOL...... also teaches them to start keeping important information on paper.
    :D

    cPanel.net Support Ticket Number:
     
  9. jcsolutions

    jcsolutions Well-Known Member

    Joined:
    Nov 4, 2002
    Messages:
    184
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Canada
    I tried this and it didn't work. I used the direct link and also port 2082, but just got wrong user/pass message.

    Accessing a client DB is the only reason I would like to know a users password. If it were possible to get this, I'd be all set.

    I've noticed a couple posts referring to /etc/passwd, but how does this give you a user's password? Anyone? I can't see them.
    How do you do this? Would you mind posting instructions or pointing to a helpful website? Thanks!
     
    #9 jcsolutions, Aug 5, 2003
    Last edited: Aug 5, 2003
  10. NeutralGold

    NeutralGold Well-Known Member

    Joined:
    Jun 5, 2002
    Messages:
    233
    Likes Received:
    0
    Trophy Points:
    16
    Well I don't understand then, it has allways worked like a charm for me and not only on one server either.

    cPanel.net Support Ticket Number:
     
  11. NeutralGold

    NeutralGold Well-Known Member

    Joined:
    Jun 5, 2002
    Messages:
    233
    Likes Received:
    0
    Trophy Points:
    16
    also.....
    Installing a copy of PhpMyAdmin isn't to difficult either. I also know of a pretty simple script that lets you access databases and all you need to do is upload it and there you go, I wouldn't recommend uploading it to a domain name that didn't have SSL as you would be sending your password insecurely..

    http://www.mattsscripts.co.uk/mpanel.htm

    cPanel.net Support Ticket Number:
     
  12. mjm

    mjm BANNED

    Joined:
    Aug 1, 2003
    Messages:
    69
    Likes Received:
    0
    Trophy Points:
    6
    are you guys serious?

    cPanel.net Support Ticket Number:
     
  13. NeutralGold

    NeutralGold Well-Known Member

    Joined:
    Jun 5, 2002
    Messages:
    233
    Likes Received:
    0
    Trophy Points:
    16
    What are you talking about?

    cPanel.net Support Ticket Number:
     
  14. mjm

    mjm BANNED

    Joined:
    Aug 1, 2003
    Messages:
    69
    Likes Received:
    0
    Trophy Points:
    6
    adding the ability to view passwords is not a good idea at all.

    if you have 'root' you can do _anything_ on the system you want. you dont need users passwords to do so.

    if you dont understand this you should not be admin'ing anything except your mothers windows '98 workstation.

    cPanel.net Support Ticket Number:
     
  15. mjm

    mjm BANNED

    Joined:
    Aug 1, 2003
    Messages:
    69
    Likes Received:
    0
    Trophy Points:
    6
    mysql -u root -p

    *snap*

    cPanel.net Support Ticket Number:
     
  16. compunet2

    compunet2 Well-Known Member

    Joined:
    Feb 21, 2003
    Messages:
    310
    Likes Received:
    0
    Trophy Points:
    16

    I couldnt agree more!

    cPanel.net Support Ticket Number:
     
  17. tAzMaNiAc

    tAzMaNiAc Well-Known Member

    Joined:
    Feb 16, 2003
    Messages:
    559
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Sachse, TX
    Well said, mjm :)

    What you all forgot is you can use the MySQL ROOT password which may be different than your ROOT password for WHM.

    Brenden

    cPanel.net Support Ticket Number:
     
  18. jcsolutions

    jcsolutions Well-Known Member

    Joined:
    Nov 4, 2002
    Messages:
    184
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Canada
    I can't speak for others, but as for me, I never said I was an expert. I'm starting small with just a few clients and learning as I go. :cool: (I had a pretty good background to begin with.) Once I feel confident I am up to speed, I will go full-tilt. I don't think there's anything wrong with learning. Everyone's got to start somewhere and hands-on work is the best way.

    Using the MySQL root password doesn't work either. I tried that a long time ago.

    cPanel.net Support Ticket Number:
     
  19. mjm

    mjm BANNED

    Joined:
    Aug 1, 2003
    Messages:
    69
    Likes Received:
    0
    Trophy Points:
    6
    jcsolutions, login with a shell to your machine.

    type in the following command: mysql -u root -p

    you then get a password prompt, enter mySQL root pass and push enter again.

    BAM!

    you can now do anything you want with mySQL and you dont have to use that silly phpMyAdmin.

    www.mysql.com for any mysql related questions.

    cPanel.net Support Ticket Number:
     
  20. rs-freddo

    rs-freddo Well-Known Member

    Joined:
    May 13, 2003
    Messages:
    832
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Australia
    cPanel Access Level:
    Root Administrator
    jcsolutions,

    To install phpmyadmin just download the files from the site (search google) and install then in the config file just place your root password. Make sure you password protect the directory you install phpmyadmin in because this makes your entire mysql open to the world - suggest not using the default directory either.

    cPanel.net Support Ticket Number:
     
Loading...

Share This Page