The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Feature, or bug?

Discussion in 'General Discussion' started by netnameus, Jan 18, 2008.

  1. netnameus

    netnameus Well-Known Member

    Joined:
    Mar 7, 2004
    Messages:
    131
    Likes Received:
    0
    Trophy Points:
    16
    Cpanel Build: 11.17.0-STABLE 19434

    Seems that cpanel allows me to login with any (or even no) username, and the correct reseller password.

    For example, if my reseller info was:
    user: admin
    pass: adminpass

    Cpanel lets me login as
    user: anything
    pass: adminpass
    or
    user:
    pass: adminpass
    or
    user: somethignelse
    pass: adminpass

    Is this a feature, or bug?

    Thanks
     
  2. Amit Deshmukh

    Amit Deshmukh Well-Known Member

    Joined:
    Jul 1, 2007
    Messages:
    83
    Likes Received:
    0
    Trophy Points:
    6
    Its Simple

    Thats not a bug !

    Looks like there is a permission error at your end.

    Please check the file /etc/passwd file and let me know the permission of this user to fix it

    Regards,
    Amit
     
  3. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    By default, a reseller can login to any of the accounts they own via the cPanel interface by using the user's username and their reseller account's password.

    (snipped)
     
    #3 cPanelDavidG, Jan 21, 2008
    Last edited: Jan 21, 2008
  4. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,461
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    The described behavior is determine by two tweak settings:

    Allow usernames to be determined from the account hostname when no username is provided.

    Disable login with root or reseller password into the users' cPanel interface. Also disable switch account dropdown in themes with switch account feature.


    If the first Tweak is enabled (meaning it is checked), the user name is ignored, if supplied, and the username is obtained by looking up the owner of the domain.

    If the second is unchecked (meaning it is enabled), the username is used only to determine which account to display. The login credentials used are those of the reseller.

    Combining the two will give you the behavior you described. Please check those tweak settings.
     
Loading...

Share This Page