Manage Shell Access nuisance after upgrade to 11.36.1.5

[Tom Risager]

I have account packages defined with shell access disabled by default. If I need to grant shell access to an account, I use the "Manage Shell Access" feature.

Since upgrading, when I grant shell access I get a warning message: "Package conflict: Account is on package Standard" ("Standard" is a package I have defined). I must then click one of two links:

"Set this account to have no package" or
"Keep this account on this package (not recommended)".

If I don't click one of the links, shell access is not enabled (even though the radio button indicates that it is). Clicking one of the links is now required for the change to take effect, where until now it was sufficient to make a selection.

I find this a very annoying extra step, and I don't understand the need for it. I cannot imagine a situation where setting the account to have no package would be the right choice, and I much prefer the way it worked up until this release.

EDIT: What makes even less sense is, if I keep the package and enable shell access, if I then want to switch back to "Disabled shell" I get the same warning - even though the package has shell disabled by default.

 

[arunsv84]

cPanel is showing warning because you are trying to edit the values that are assigned to a particular package. When a value is enabled manually that's disabled in the package, its normal to warn the admin that the values are altered. In similar case, I would create a custom package for this particular user.

Cheers!!!

 

[Tom Risager]

cPanel is showing warning because you are trying to edit the values that are assigned to a particular package. When a value is enabled manually that's disabled in the package, its normal to warn the admin that the values are altered. In similar case, I would create a custom package for this particular user.

I understand that I can create another package and assign the user to that. Any package changes would then require updates in two locations, including changes that have nothing to do with shell access.

I always thought that the "manage shell access" option was intended for exception cases, where you want to quickly grant or deny shell access. It becomes a somewhat pointless option to have in WHM if you are now required to maintain separate packages anyway after the lastest update.

 

[ThinIce]

Hum now that's an interesting one, I'd always thought it was necessary to click right through the prompt to get the shell access enabled, you live and learn I guess :p

When enabling shell access for an individual account I'd always just picked "Keep this account on this package (not recommended)"

I believe the prompt was introduced as a reminder of sorts that if you were to edit the original package, the shell access granted would then be overwritten (removed), causing an unintended loss of functionality for the user. I'm not sure as you say how this fits in with the "manage shell access" feature, which I've always thought of as just a shortcut to the basic "modify an account" feature.

Perhaps a staff member could clarify if the "manage shell access" screen's settings are stored and applied independantly (in which case this appears to count as a bug) or if it makes the same changes to an account as "modify account" and is thus vulnerable to package edits

 

[Infopro]

The docs should help here a bit I think:
Manage Shell Access - cPanel Documentation

Remember: An account's package determines whether the account has shell access. Therefore, changing the account's permission to access a shell will set the account's package to undefined. The undefined package is a reserved package name that can contain different values for different users.

 

[quietFinn]

To manage shell access for our customers we have 2 versions of every package, with and without shell access.

 

[Tom Risager]

The documentation heading "How do I enable or disable shell access for specific users?" accurately describes how it works in 11.36.0.21. Version 11.36.1.5 behaves differently.

Yes, I understand that it would be possible to have duplicate packets and then cPanel could simply remove the "Manage shell access" option. Not my preference.