The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

cPanel User Feature Manager security risk

Discussion in 'Security' started by Robolovsky, Jul 22, 2010.

  1. Robolovsky

    Robolovsky Member

    Joined:
    Jul 22, 2010
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Here is my problem. I have a hosting account with a provider using cPanel. I need to set up a secondary user for the email admin and have done this, assigning him the role of Email_maintainer with no FTP access.

    In order for him to be able to log in to the cPanel, he first has to use my master login credentials and then his own username and password.

    This is surely a security risk as he then has my master login details. Although he cannot use these to access any cPanel areas that are outside of his assigned roll, he could use my login to gain FTP access to my site files via a third party FTP client.

    The flaw in the system seem to be that he is required to use my master login before he can enter his own login. Unless I am missing something here, there appears to be no way around this dilemma.

    I have tried disabling FTP access for the main account and then creating a Webmaster roll for myself with FTP enabled. However the system does not allow any secondary users FTP access if the main user account has this disabled. Very frustrating.

    I am hoping that someone out there may be able to solve this but I fear it is something that would have to be addressed by the developers :confused:
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,482
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    There is no way that I know of to add a secondary user account to maintain email, or anything else inside a cPanel account.
     
  3. Robolovsky

    Robolovsky Member

    Joined:
    Jul 22, 2010
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Well it's quite easy, you just go to Prefererences, User-Feature manager and turn the feature on.

    You can then add new users with limited or full access. They have their own login but they also have to use your master login to access the secondary user login.
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,482
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Please be more specific about where this area is located, please. I'm low on coffee today. Where is this Preferences > User Feature Manager at exactly?
     
  5. Robolovsky

    Robolovsky Member

    Joined:
    Jul 22, 2010
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Well in my cPanel, "Preferences" is the first horizontal box at the top of the page. User-Feature manager is the last icon in that box. I know that web hosts can set these up any way they want so maybe you don't have that feature on yours.
     
  6. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,482
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    As mentioned, there is no way to add a secondary user that I'm aware of. This sounds like something your host has added as you mentioned, so thats where you'll need to seek assistance with this issue.

    Sorry I can't help more than that, no experience with that feature.
     
  7. Robolovsky

    Robolovsky Member

    Joined:
    Jul 22, 2010
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    I have done some digging and discovered that this feature appears to be part of a skin management system for cPanel called RVSkin (cPanel Theme - RVSkin, a great experience for you, reseller, and clients).

    I have taken up the query with them.

    Thanks for trying.
     
  8. reactorh

    reactorh Well-Known Member

    Joined:
    Aug 2, 2005
    Messages:
    56
    Likes Received:
    0
    Trophy Points:
    6
    So this feature is worthless cause i dont wanna to give my credentials to a limited user....
    :mad:
     
Loading...

Share This Page