Spiral

BANNED
Jun 24, 2005
> How can I disable root from logging into WHM?
What in the world? :confused:

Why do you want to disable root from WHM access?

If you did that, you would effectively defeat the point of WHM as that is for managing your server and root is the account you use for master operations.

It would neither be recommended nor wise to try to disable root from WHM on a cPanel based server!

(Doing so also does very little in terms of any added security benefit!)

However, if you are concerned with someone using WHM outside of yourself, you can put in an IPTABLES filter to block connections to WHM to anyone other than yourself:
iptables -A INPUT ! -s x.x.x.x -p tcp --dport 2086:2087 -j REJECT
(replace x.x.x.x above with your own IP address or CIDR range)

You can partially limit root's access such as to reseller and cPanel accounts by checking the following item in Tweak Settings:
Disable login with root or reseller password into the users' cPanel interface. Also disable switch account dropdown in themes with switch account feature.
The most important thing more than anything is to simply make sure that you have a strong password for root. Make it long, make it random, and include punctuation, mixed capitals, and numeric characters.
 

nikkii

Registered
Aug 8, 2009
I don't use the root account in WHM, and have no need to have root allowed in WHM. It would be an ideal security enhancement to add an option to deny root from logging into WHM.
 

Spiral

BANNED
Jun 24, 2005
> I don't use the root account in WHM, and have no need to have root allowed in WHM. It would be an ideal security enhancement to add an option to deny root from logging into WHM.

Not really because a great many scripts out there still make use of direct logins to WHM under root and you could run into issues if you tried to use any of those various addons, 3rd party applications, or scripts if root were not working.

True, more are using keys and API calls, but not all of them, and that is something to consider as well.

Also, as I said, security gains would be negligible and weighed against breaking something, probably not a good idea as you gain little, lose more.

I would however recommend disabling direct root login from your FTP (MUST!) and from SSH (Recommended).
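
The following is an added example, not code from any poster in this thread: two audit checks for the controls mentioned above, one confirming that an `iptables -S INPUT` listing restricts ports 2086:2087 to one admin source, the other confirming that sshd_config disables root login globally. The function names, the 203.0.113.10 address and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed for illustration.

# whm_ports_locked RULES ALLOWED
# RULES: output of `iptables -S INPUT`. ALLOWED: admin address or CIDR.
# Succeeds only if TCP 2086:2087 is rejected/dropped for every other source
# and no earlier unrestricted ACCEPT for those ports shadows that rule.
whm_ports_locked() {
    allowed=$2
    case $allowed in */*) ;; *) allowed="$allowed/32" ;; esac  # -S prints /32
    printf '%s\n' "$1" | awk -v src="$allowed" '
        $1 == "-A" && $2 == "INPUT" {
            neg = ports = block = accept = hassrc = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-s") hassrc = 1
                if ($i == "!" && $(i+1) == "-s" && $(i+2) == src) neg = 1
                if ($i == "--dport" && $(i+1) == "2086:2087") ports = 1
                if ($i == "-j" && $(i+1) ~ /^(REJECT|DROP)$/) block = 1
                if ($i == "-j" && $(i+1) == "ACCEPT") accept = 1
            }
            if (ports && accept && !hassrc && !locked) bypass = 1
            if (ports && block && neg) locked = 1
        }
        END { exit ((locked && !bypass) ? 0 : 1) }'
}

# root_ssh_disabled CONFIG
# CONFIG: sshd_config text. sshd keeps the first value it reads for a keyword,
# and a value inside a Match block is conditional, so only the first global
# PermitRootLogin counts. If it is absent, the default applies, which is not "no".
root_ssh_disabled() {
    printf '%s\n' "$1" | awk '
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { val = tolower($2); exit }
        END { exit ((val == "no") ? 0 : 1) }'
}

# Constructed sample inputs.
RULES_OK='-P INPUT ACCEPT
-A INPUT ! -s 203.0.113.10/32 -p tcp -m tcp --dport 2086:2087 -j REJECT'
RULES_SHADOWED='-A INPUT -p tcp -m tcp --dport 2086:2087 -j ACCEPT
-A INPUT ! -s 203.0.113.10/32 -p tcp -m tcp --dport 2086:2087 -j REJECT'
SSHD_OK='#PermitRootLogin yes
PermitRootLogin no'
SSHD_MATCH_ONLY='Port 22
Match Address 203.0.113.0/24
    PermitRootLogin no'

whm_ports_locked "$RULES_OK" 203.0.113.10 && echo "RULES_OK: WHM ports restricted"
root_ssh_disabled "$SSHD_OK" && echo "SSHD_OK: root SSH login disabled"
```

On a live server the inputs would come from `iptables -S INPUT` and the contents of `/etc/ssh/sshd_config`; the firewall check matches only the exact 2086:2087 port range used in the rule above.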