Multiple WHM Users for all accounts with perms?

xblabberx

Registered
Jan 10, 2018
1
0
1
USA
cPanel Access Level
Root Administrator
Hey everyone,

So our small company has two servers both running WHM hosting multiple client accounts on each. Before I came onboard, everyone used the root credentials. Even the freelancers that needed to work on accounts or change plugins on WHM got the root credentials.

Needless to say, I found this unacceptable, and wanted everyone to have their own credentials for logging and permission purposes. So I created user accounts for everyone following this post here.

This works well for myself, and the three other people in the office, as we all need full root access to the entire WHM panel anyways. Here is my problem:

We have two other people that I created user accounts for that need to access WHM. They typically assist us with firewall configuration, plugin configuration, and sometimes other things as well. They need to be able to see all accounts, but I would like to restrict their permissions to allow everything except Package creation/modification, creating accounts with shell access, and password modification.

As far as I'm aware, the resellers file in /var/cpanel houses ACL for each user. I tried to restrict their permissions via resellers permissions panel in WHM, but after it disallowed them to see all accounts, as this overwrote the "user:all" line in the resellers file with their updated permission set.

Is there any way to allow them to see all accounts AND restrict their permission sets?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,254
463
Hello,

You can't allow a reseller to see all accounts (accounts owned by root or other resellers) without granting the "All Features" privilege to the reseller. Once the reseller has all privileges, they essentially have root access to WHM. Feel free to open a feature request if you'd like to see additionally functionality added to the reseller privileges:

Submit A Feature Request

In the meantime, one potential workaround would be to assign the ownership of all accounts to a single reseller, and then setup that reseller username with the privileges you prefer to grant to the two users you referenced.

Thank you.