The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Give full access but limit DNS changes

Discussion in 'Bind / DNS / Nameserver Issues' started by westhost-neil, Feb 4, 2008.

  1. westhost-neil

    westhost-neil Well-Known Member

    Joined:
    Jun 3, 2005
    Messages:
    48
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    UK
    Hi,

    I have setup a dedicated server for a client who I will give full root access to using the reseller option. We supply the DNS for his servers so use the cPanel DNS cluster features but I need to restrict his access to this.

    Currently he can edit/delete any of the domains for all of our other servers. Is there any way I can limit or remove access to these features.

    I tried giving restricted reseller priviledges but this doesn't allow for a lot of options that he will need.

    I look forward to your help.

    Neil
     
  2. westhost-neil

    westhost-neil Well-Known Member

    Joined:
    Jun 3, 2005
    Messages:
    48
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    UK
    It's ok I've answered my own question.

    I simply edited:

    /usr/local/whostmgr/docroot/themes/x/DNS_Functions
    /usr/local/whostmgr/docroot/themes/x/command

    and removed the edit/delete DNS options.
     
  3. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Just a head's up that your changes may be overwritten in future cPanel updates (especially if --force is used). You may want to make backups for when these files become overwritten.
     
  4. Aleksl

    Aleksl Member
    PartnerNOC

    Joined:
    Jan 15, 2008
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Anybody yet has not solved this problem in another way, without deleting links?
    I now also have faced the same problem, it would be desirable to solve, without deleting function from WHM scripts
     
  5. stdout

    stdout Well-Known Member

    Joined:
    Apr 10, 2003
    Messages:
    189
    Likes Received:
    5
    Trophy Points:
    18
    Location:
    Nelspruit, Mpumalanga, South Africa
    cPanel Access Level:
    Root Administrator
    Here's a solution - don't put your dedicated clients on the DNS cluster used by your customers.
    You are putting your customers at risk of downtime. No-one wants that.

    * Remove DNS Clustering.
    * Allow Bind/Named to run independantly without clustering.
    * Give him another IP in a different C-Class to avoid DNSReport/Registrar Check failures/warnings".
     
  6. Aleksl

    Aleksl Member
    PartnerNOC

    Joined:
    Jan 15, 2008
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Yes, I know that it would be the ideal decision. But in this case there is a necessity to use already existing nameservers for all domains which will be created on this server.
     
  7. stdout

    stdout Well-Known Member

    Joined:
    Apr 10, 2003
    Messages:
    189
    Likes Received:
    5
    Trophy Points:
    18
    Location:
    Nelspruit, Mpumalanga, South Africa
    cPanel Access Level:
    Root Administrator
    Due to DNS Zonefiles being clustered on the client's dedicated, any and all changes to the zones will be synced over to the other DNS servers.

    I could say just chattr +i /var/named/*.db and then chattr -i his dns zones - but this is not a solution as the user (root) could still ultimately remove the attribute and make the changes.

    You are in affect, giving a single client the access to mess with any of your other clients.
     
Loading...

Share This Page