Prevent end user from accessing system backups.

4u123

Well-Known Member
PartnerNOC
Jan 2, 2006
931
21
168
Apologies if this is a really dumb question, but how can I disable the option for the customer to download a previous system backup via "Account Backups" in cpanel's "Backups" area - but retain the option to generate their own backups via "Download or Generate a Full Website Backup".

On some servers we don't want the customer to have access to the server backups -only to generate and download their own. This is because a small number of our servers are using an NFS share for backups, which grinds to a halt if it is accessed when a scheduled backup is taking place - we don't want the customers to be able to interfere with that by accessing the backups whenever they want.

I can't see a way of disabling this, while keeping the option for the customer to create their own backups.
 

4u123

Well-Known Member
PartnerNOC
Jan 2, 2006
931
21
168
Hello :)

It's not possible to disable that functionality without disabling backups for the user. Please vote and add your feedback to the existing feature request that covers this request:

Disable only the generation of full backup in cPanel and limit download of backup | cPanel Feature Requests

Thank you.
Perhaps, rather than asking people to vote to change obvious oversights, you could simply add it to your list of moronic development decisions that need changing Michael?

I mean, who in their right mind would consider adding the option for the customer to have access to the server's backups without any option to switch this off?

When you have development meetings - do you purposely think of things that you can enable, without asking the question - "Should we offer an option to disable this too?"

cPanel - Sometimes you astound me with your ignorance.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,203
363
Hello :)

We appreciate the input. It's important to keep in mind that one of the unique aspects of our feature request system is the ability to directly correspond with our developers. Rather than simply voting on a feature, you can add your feedback to the feature so our developers can take your comments into consideration. For instance, with this particular feature request, cPanelBrianO has responded, explained the reasoning why certain decisions were made, and asked for feedback from users/server owners to help decide on how to proceed.

Thank you.
 

4u123

Well-Known Member
PartnerNOC
Jan 2, 2006
931
21
168
Hello :)

We appreciate the input. It's important to keep in mind that one of the unique aspects of our feature request system is the ability to directly correspond with our developers. Rather than simply voting on a feature, you can add your feedback to the feature so our developers can take your comments into consideration. For instance, with this particular feature request, cPanelBrianO has responded, explained the reasoning why certain decisions were made, and asked for feedback from users/server owners to help decide on how to proceed.

Thank you.

What concerns me the most is a seemingly inherent lack of common sense at cpanel. You don't seem to have anyone on your staff that is prepared to ask questions about the decisions you make, so things appear to get implemented without considering all the implications.

I think the feature request system can be a problem because it only works when everyone gets involved and this simply doesn't happen, so you should be careful not to use it as definitive gauge for what your customers want or don't want. I've been using cpanel servers for over ten years and I've maybe visited your feature requests system a handful of times. What you perhaps need on top of that is a consultation group containing companies that have been in business for at least five years and who have experience of maintaining their own cpanel servers. Ask for opinions on possible feaures and feedback from the people that know your software well. Don't expect everyone to take part in the feature requests system - it is saturated and overwhelming. I don't have any time for it myself.

Before you implement any new features, I'd advise you to simply ask the question "Might some hosts not want to enable this functionality?" It seems sensible to suggest that any new features or changes you make that might increase resource usage or otherwise disrupt the running of a server under normal circumstances - should come with an option to disable that functionality. Should this really need to be said?

Across the industry, you will have customers who configure their cpanel servers very differently. Some web hosts put very large numbers of accounts on their servers, so this could have an impact. At the same time the choice of backup media and connectivity will differ across the board - so the impact of allowing all customers to download potentially huge archives direct from the backup source whenever they want, will also vary.

Most importantly, a business will need to make a decision on their backup strategy, based on many factors including the above. Prior to this feature being implemented, access to the backups were controlled solely by the server admin - so the backup location was accessed only during scheduled backups and when an admin was called upon to restore an account. So access to the backup source was specifically controlled.

What you have done here, is removed that control element completely - without any warning and without offering an option to disable it. Now, the backup source can be accessed by anyone at any time. This is a clear indication that you are out of touch with your customers and that you lack an understanding of how your customers run their businesses.

But I want to comment further on this functionality. You are providing the customer with the ability to download to their computer, a backup archive from the server's backup source.

Why?

Ok, so the customer can store the backup archive on their computer for as long as they want. If one day they want to restore this backup - they need to re-upload the archive to their home directory (assuming they have the space) so we can manually restore it for them.

But - they already have an option to download their home directory and MySQL databases. In most cases that's all they need in a basic backup system.

What's happened here is that you've provided three different backup options to the customer and muddled up the interface so it isn't really clear to them what they are doing. On the one hand, it tells them that "no previous backups are available to download" - then it gives them an option to download an account backup with specific dates. It is very confusing. The terms used are "Full Website Backup" "Account Backups" and "Partial Backups".

It makes sense that we would want to control what level of access we give the end user to each of these three types of backup - but this has not been provided.

Full Website Backup. This allows the customer to create a full archive of their entire account and save it to their home directory, or to a remote location.

It comes with the following warning...

You can only use this to move your account to another server, or to keep a local copy of your files. You cannot restore full backups through your cPanel interface.

Ok, lets encourage them to move to another provider by giving them an easy option to switch. It also doesn't mention that the file CAN be used to restore their account on the server, if the archive is uploaded.

It also doesn't explain to the customer clearly that if they save it to their home directory, it will take up part of their space allocation. You and I might know that - but customers need to be told things like this.

Account Backups.

There is no explanation provided in the interface to the customer about what this is exactly. There is no description at all. Again, you and I know that this is exactly the same as a "full Website Backup" - just one that has already been generated and stored on the server. The customer doesn't know this - confusing.

It must also be very annoying for the customer to see a list of "restore points" yet have no option but to download those archives to their computer, knowing that they can't really do much with them other than try to pick out individual files to re-upload.

Partial Backups.

These are great - they allow the customer to download their home directory and their databases, filters and forwarders.

If you were to add to this, the ability to download / restore an archive of their individual Email accounts - You'd have a basic backup system that could be used independently without offering the other two pointless options.

We don't want to offer all three of these options to our customers - especially with the interface being so poorly designed. Each one of these options is badly implemented, badly worded and provides little more than confusion and difficulty to the customer.

In an ideal world, I think most hosts would want offer the partial backups as the main option - allowing the customer to download archives of their files, databases and perhaps in the future, email accounts. The full backup option is a resource hngry waste of time, unless the customer wants to move to a different company and the same goes for the option to download the system backup. At the very least, there should be an option to split out these three things, giving the web host a choice as to which they offer to the customer.
 

cPanelKenneth

cPanel Development
Staff member
Apr 7, 2006
4,608
77
308
cPanel Access Level
Root Administrator
What concerns me the most is a seemingly inherent lack of common sense at cpanel. You don't seem to have anyone on your staff that is prepared to ask questions about the decisions you make, so things appear to get implemented without considering all the implications.

I think the feature request system can be a problem because it only works when everyone gets involved and this simply doesn't happen, so you should be careful not to use it as definitive gauge for what your customers want or don't want. I've been using cpanel servers for over ten years and I've maybe visited your feature requests system a handful of times. What you perhaps need on top of that is a consultation group containing companies that have been in business for at least five years and who have experience of maintaining their own cpanel servers. Ask for opinions on possible feaures and feedback from the people that know your software well. Don't expect everyone to take part in the feature requests system - it is saturated and overwhelming. I don't have any time for it myself.

Before you implement any new features, I'd advise you to simply ask the question "Might some hosts not want to enable this functionality?" It seems sensible to suggest that any new features or changes you make that might increase resource usage or otherwise disrupt the running of a server under normal circumstances - should come with an option to disable that functionality. Should this really need to be said?

Across the industry, you will have customers who configure their cpanel servers very differently. Some web hosts put very large numbers of accounts on their servers, so this could have an impact. At the same time the choice of backup media and connectivity will differ across the board - so the impact of allowing all customers to download potentially huge archives direct from the backup source whenever they want, will also vary.

Most importantly, a business will need to make a decision on their backup strategy, based on many factors including the above. Prior to this feature being implemented, access to the backups were controlled solely by the server admin - so the backup location was accessed only during scheduled backups and when an admin was called upon to restore an account. So access to the backup source was specifically controlled.

What you have done here, is removed that control element completely - without any warning and without offering an option to disable it. Now, the backup source can be accessed by anyone at any time. This is a clear indication that you are out of touch with your customers and that you lack an understanding of how your customers run their businesses.

But I want to comment further on this functionality. You are providing the customer with the ability to download to their computer, a backup archive from the server's backup source.

Why?

Ok, so the customer can store the backup archive on their computer for as long as they want. If one day they want to restore this backup - they need to re-upload the archive to their home directory (assuming they have the space) so we can manually restore it for them.

But - they already have an option to download their home directory and MySQL databases. In most cases that's all they need in a basic backup system.

What's happened here is that you've provided three different backup options to the customer and muddled up the interface so it isn't really clear to them what they are doing. On the one hand, it tells them that "no previous backups are available to download" - then it gives them an option to download an account backup with specific dates. It is very confusing. The terms used are "Full Website Backup" "Account Backups" and "Partial Backups".

It makes sense that we would want to control what level of access we give the end user to each of these three types of backup - but this has not been provided.

Full Website Backup. This allows the customer to create a full archive of their entire account and save it to their home directory, or to a remote location.

It comes with the following warning...

You can only use this to move your account to another server, or to keep a local copy of your files. You cannot restore full backups through your cPanel interface.

Ok, lets encourage them to move to another provider by giving them an easy option to switch. It also doesn't mention that the file CAN be used to restore their account on the server, if the archive is uploaded.

It also doesn't explain to the customer clearly that if they save it to their home directory, it will take up part of their space allocation. You and I might know that - but customers need to be told things like this.

Account Backups.

There is no explanation provided in the interface to the customer about what this is exactly. There is no description at all. Again, you and I know that this is exactly the same as a "full Website Backup" - just one that has already been generated and stored on the server. The customer doesn't know this - confusing.

It must also be very annoying for the customer to see a list of "restore points" yet have no option but to download those archives to their computer, knowing that they can't really do much with them other than try to pick out individual files to re-upload.

Partial Backups.

These are great - they allow the customer to download their home directory and their databases, filters and forwarders.

If you were to add to this, the ability to download / restore an archive of their individual Email accounts - You'd have a basic backup system that could be used independently without offering the other two pointless options.

We don't want to offer all three of these options to our customers - especially with the interface being so poorly designed. Each one of these options is badly implemented, badly worded and provides little more than confusion and difficulty to the customer.

In an ideal world, I think most hosts would want offer the partial backups as the main option - allowing the customer to download archives of their files, databases and perhaps in the future, email accounts. The full backup option is a resource hngry waste of time, unless the customer wants to move to a different company and the same goes for the option to download the system backup. At the very least, there should be an option to split out these three things, giving the web host a choice as to which they offer to the customer.
You have some really good feedback in your response. It's going to take me a bit to process it fully to give you a proper response. In the meantime I can assure you that some of the questions you want us to ask (e.g. "do some hosts want this disabled?") and activities you want us to perform ("talking to established hosting providers about where we are going") we are doing.

It's a tricky business getting those questions answered, and gathering some of the feedback. Sometimes despite our best efforts we get insufficient response. Rather than not doing anything due to insufficient response we may opt to roll a feature out and gather feedback after the fact. It's not ideal, and we wish we had all the answers prior to making decisions. It is the unfortunate reality.

Regarding your concern about users downloading system backups, would you be willing to share your cPanel & WHM version number?

I'm not aware of us adding the capability for users to download system backups in recent versions. It's possible this is an unintentional change.
 

4u123

Well-Known Member
PartnerNOC
Jan 2, 2006
931
21
168
You have some really good feedback in your response. It's going to take me a bit to process it fully to give you a proper response. In the meantime I can assure you that some of the questions you want us to ask (e.g. "do some hosts want this disabled?") and activities you want us to perform ("talking to established hosting providers about where we are going") we are doing.

It's a tricky business getting those questions answered, and gathering some of the feedback. Sometimes despite our best efforts we get insufficient response. Rather than not doing anything due to insufficient response we may opt to roll a feature out and gather feedback after the fact. It's not ideal, and we wish we had all the answers prior to making decisions. It is the unfortunate reality.

Regarding your concern about users downloading system backups, would you be willing to share your cPanel & WHM version number?

I'm not aware of us adding the capability for users to download system backups in recent versions. It's possible this is an unintentional change.

Hi Ken,

Regarding "system backups". If I used that term in my earlier response I was referring to the backups performed by the cpanel backup system. You have added a feature that allows the client to directly download these backups - that's what I was talking about.