SOLVED How to limit reseller's access to DNS

jndawson

Well-Known Member
Aug 27, 2014
289
31
78
Western US
cPanel Access Level
DataCenter Provider
We are setting up a reseller on one of our WHM/cPanel boxes and have restricted access to DNS in the reseller's privileges (DNS add/edit/park/remove all unchecked), and no access to DNS clustering. However, when logged in as the reseller, there is unfettered access to all the DNS functions, including the clustering functions. If it was only access to the customer's domains, there wouldn't be any issues.

Is restricting access not possible? We don't want the headache of exposing several thousand domain zones.
 

cPanelKenneth

cPanel Development
Staff member
Apr 7, 2006
4,608
77
308
cPanel Access Level
Root Administrator
We are setting up a reseller on one of our WHM/cPanel boxes and have restricted access to DNS in the reseller's privileges (DNS add/edit/park/remove all unchecked), and no access to DNS clustering. However, when logged in as the reseller, there is unfettered access to all the DNS functions, including the clustering functions. If it was only access to the customer's domains, there wouldn't be any issues.

Is restricting access not possible? We don't want the headache of exposing several thousand domain zones.
Hello, I'm sorry you're having trouble getting this to work. To figure out what is happening, please provide the following information:

1. Version of cPanel & WHM you are using
2. A list of all the privileges assigned to the reseller (you can find an easy to paste list in /var/cpanel/resellers)

Thank you.
 

jndawson

Well-Known Member
Aug 27, 2014
289
31
78
Western US
cPanel Access Level
DataCenter Provider
Hello, I'm sorry you're having trouble getting this to work. To figure out what is happening, please provide the following information:

1. Version of cPanel & WHM you are using
2. A list of all the privileges assigned to the reseller (you can find an easy to paste list in /var/cpanel/resellers)

Thank you.
1. v.60.0.26
2. <reseller's account>:add-pkg,all,create-acct,disallow-shell,edit-account,edit-mx,edit-pkg,kill-acct,limit-bandwidth,list-accts,mailcheck,news,passwd,quota,rearrange-accts,resftp,restart,show-bandwidth,software-ConfigServer-csf,stats,status,suspend-acct,thirdparty,upgrade-account,viewglobalpackages

Note that 'edit-mx' is the only dns-related privilege. Does that over ride the other dns-specific settings?
 

cPanelKenneth

cPanel Development
Staff member
Apr 7, 2006
4,608
77
308
cPanel Access Level
Root Administrator
1. v.60.0.26
2. <reseller's account>:add-pkg,all,create-acct,disallow-shell,edit-account,edit-mx,edit-pkg,kill-acct,limit-bandwidth,list-accts,mailcheck,news,passwd,quota,rearrange-accts,resftp,restart,show-bandwidth,software-ConfigServer-csf,stats,status,suspend-acct,thirdparty,upgrade-account,viewglobalpackages

Note that 'edit-mx' is the only dns-related privilege. Does that over ride the other dns-specific settings?
The reseller has the all privilege. That grants full access to the entire server through WHM. It is not possible to assign the all privilege, then reduce privileges by unchecking boxes. You need to remove the all privilege to restrict access to functionality.