SOLVED How to limit reseller's access to DNS

jndawson · Dec 6, 2016

We are setting up a reseller on one of our WHM/cPanel boxes and have restricted access to DNS in the reseller's privileges (DNS add/edit/park/remove all unchecked), and no access to DNS clustering. However, when logged in as the reseller, there is unfettered access to all the DNS functions, including the clustering functions. If it was only access to the customer's domains, there wouldn't be any issues.

Is restricting access not possible? We don't want the headache of exposing several thousand domain zones.

cPanelKenneth · Dec 7, 2016

jndawson said: ↑

We are setting up a reseller on one of our WHM/cPanel boxes and have restricted access to DNS in the reseller's privileges (DNS add/edit/park/remove all unchecked), and no access to DNS clustering. However, when logged in as the reseller, there is unfettered access to all the DNS functions, including the clustering functions. If it was only access to the customer's domains, there wouldn't be any issues.

Is restricting access not possible? We don't want the headache of exposing several thousand domain zones.
Click to expand...

Hello, I'm sorry you're having trouble getting this to work. To figure out what is happening, please provide the following information:

1. Version of cPanel & WHM you are using
2. A list of all the privileges assigned to the reseller (you can find an easy to paste list in /var/cpanel/resellers)

Thank you.

jndawson · Dec 8, 2016

cPanelKenneth said: ↑

Hello, I'm sorry you're having trouble getting this to work. To figure out what is happening, please provide the following information:

1. Version of cPanel & WHM you are using
2. A list of all the privileges assigned to the reseller (you can find an easy to paste list in /var/cpanel/resellers)

Thank you.
Click to expand...

1. v.60.0.26
2. <reseller's account>:add-pkg,all,create-acct,disallow-shell,edit-account,edit-mx,edit-pkg,kill-acct,limit-bandwidth,list-accts,mailcheck,news,passwd,quota,rearrange-accts,resftp,restart,show-bandwidth,software-ConfigServer-csf,stats,status,suspend-acct,thirdparty,upgrade-account,viewglobalpackages

Note that 'edit-mx' is the only dns-related privilege. Does that over ride the other dns-specific settings?

cPanelKenneth · Dec 8, 2016

jndawson said: ↑

1. v.60.0.26
2. <reseller's account>:add-pkg,all,create-acct,disallow-shell,edit-account,edit-mx,edit-pkg,kill-acct,limit-bandwidth,list-accts,mailcheck,news,passwd,quota,rearrange-accts,resftp,restart,show-bandwidth,software-ConfigServer-csf,stats,status,suspend-acct,thirdparty,upgrade-account,viewglobalpackages

Note that 'edit-mx' is the only dns-related privilege. Does that over ride the other dns-specific settings?
Click to expand...

The reseller has the all privilege. That grants full access to the entire server through WHM. It is not possible to assign the all privilege, then reduce privileges by unchecking boxes. You need to remove the all privilege to restrict access to functionality.

jndawson · Dec 8, 2016

cPanelKenneth said: ↑

The reseller has the all privilege. That grants full access to the entire server through WHM. It is not possible to assign the all privilege, then reduce privileges by unchecking boxes. You need to remove the all privilege to restrict access to functionality.
Click to expand...

Thanks - that was it.

Forums

The Community Forums

Interact with an entire community of cPanel & WHM users!

SOLVED How to limit reseller's access to DNS

jndawson Well-Known Member

cPanelKenneth cPanel Development
Staff Member

jndawson Well-Known Member

cPanelKenneth cPanel Development
Staff Member

jndawson Well-Known Member

Confused by AutoSSL 200 domain limit and virtual hosts

Reset specific domain ratelimit

limit rate while transfer backup into amazon S3

Email .sig size limits

Reseller mails when bandwidth/disk space reaches limit

Share This Page

Useful Searches

The Community Forums

Interact with an entire community of cPanel & WHM users!

SOLVED How to limit reseller's access to DNS

jndawson Well-Known Member

cPanelKenneth cPanel Development Staff Member

jndawson Well-Known Member

cPanelKenneth cPanel Development Staff Member

jndawson Well-Known Member

Confused by AutoSSL 200 domain limit and virtual hosts

Reset specific domain ratelimit

limit rate while transfer backup into amazon S3

Email .sig size limits

Reseller mails when bandwidth/disk space reaches limit

Share This Page

cPanelKenneth cPanel Development
Staff Member

cPanelKenneth cPanel Development
Staff Member