Is it safe to let a developer have access to this cpanel account?

johni

Registered
Apr 3, 2018
3
0
1
Canada
cPanel Access Level
Website Owner
I have to get a (free) plugin developer to take a look at a problem I'm having.

I always create clones on cheap servers when doing stuff like this, but this time I want a clone on the actual sites server to ensure everything is exactly the same.

I'm using a VPS with WHM.

As root user if I create a new account in WHM, within that account's cpanel interface there is an option to swap between both cpanel accounts. So giving access to the clone account's cpanel will allow the user to switch between cpanel accounts (to the main site's cpanel account), which I obviously don't want.

I notice if I designate that account to a different IP (my VPS came with 5 IPs), the link to swap between cpanel accounts isn't there.

What I'm wondering is if creating an account and designating it to a different IP as mentioned above means the accounts are now truly separate, and giving someone access to the clone's cpanel account is safe?

Or is it better/safer to create a reseller account and then use that to create a subordinate cpanel account (which seems like a hassle)?
 

andrew.n

Well-Known Member
Jun 9, 2020
877
329
63
EU
cPanel Access Level
Root Administrator
Why don't you make a full backup of that only account to which you give access to the developer? Make sure you disable shell access then the developer won't be able to do much harm and you will always be able to restore the full account from the backup if necessary. Alternatively it's often enough if you just create an FTP account for the developer and give only FTP access so his options are even more limited then.
 
  • Like
Reactions: cPRex

johni

Registered
Apr 3, 2018
3
0
1
Canada
cPanel Access Level
Website Owner
Why don't you make a full backup of that only account to which you give access to the developer? Make sure you disable shell access then the developer won't be able to do much harm and you will always be able to restore the full account from the backup if necessary. Alternatively it's often enough if you just create an FTP account for the developer and give only FTP access so his options are even more limited then.
Well, I'd prefer to create a clone of the site with reduced functionality for testing anyway.

It is confusing because the account owner of all created non-reseller accounts is root. I had figured there would be 3 settings when creating an account: root, reseller, and member/standard user.

Instead, there is only root and reseller, so I wasn't sure what privileges non-reseller accounts had as they still are owned by root user.

What I am basically concerned with is whether non-reseller accounts I create have any access to the domain/website files/database of the root user's cpanel/other adjacent accounts, since they are all "owned by root user" and on the same IP/nameservers?

If each non-reseller account's cpanel is closed off from each other, then I can give access to the clone account and just delete the whole thing afterwards.
 

quietFinn

Well-Known Member
Feb 4, 2006
1,652
325
438
Finland
cPanel Access Level
Root Administrator
As root user if I create a new account in WHM, within that account's cpanel interface there is an option to swap between both cpanel accounts. So giving access to the clone account's cpanel will allow the user to switch between cpanel accounts (to the main site's cpanel account), which I obviously don't want.
That only happens when you log in to cPanel as root, if you log in as the cPanel user you cant switch to another cPanel account.

EDIT:
Same with accounts created by a reseller, if you log in as the reseller, you can switch between accounts that reseller owns.
 

andrew.n

Well-Known Member
Jun 9, 2020
877
329
63
EU
cPanel Access Level
Root Administrator
root means that they have been created by the administrator of the server and not by any resellers so it is perfectly safe:)