Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Preventing user password change in webmail

Discussion in 'E-mail Discussion' started by PeteS, Sep 7, 2018.

Tags:
  1. PeteS

    PeteS Well-Known Member

    Joined:
    Jun 8, 2017
    Messages:
    162
    Likes Received:
    31
    Trophy Points:
    28
    Location:
    Oregon
    cPanel Access Level:
    Root Administrator
    There are several threads that seem to indicate that the feature set for a cPanel account controls which options (including changing user password) the user has via the webmail interface. But this is not entirely true...

    Turning off Autoresponders or Forwarders in the feature set for a cPanel account removes them or turns then off in cPanal and the webmail interface. (Works as expected.)

    BUT... deselecting Password & Security removes it from cPanel's interface, while leaving it active in webmail's interface! Deselecting it in the default feature set, and selecting it in the disabled feature set still does not remove it from the webmail interface.

    Additionally, there is a work-around (bug?) for changing user passwords (other than the main cPanel user). It is possible in cPanel, under Email Accounts, and also under User Manager (which cannot be turned off in the feature set) to change a user password. It's like this ONLY possible to prevent a cPanel account password change but not prevent other user password changes.

    It makes sense that a cPanel user should be able to change email passwords in their account, but how do we prevent users from changing their own in webmail?

    What am I missing?

    -Pete
     
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,335
    Likes Received:
    2,162
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello Pete,

    I've been unable to reproduce this behavior. Disabling the "Password and Security" feature removes the option to change the cPanel account username's password via cPanel >> User Prereferences, cPanel >> User Manager, and upon logging in to Webmail using the the cPanel username.

    Are you referring to the individual email accounts as opposed to the cPanel account username. If so, it's by design that the "Password and Security" feature applies to the cPanel username itself and not the individual email accounts.

    To clarify, are you looking for a way to prevent individual email account users from changing their passwords using Webmail? If so, that's not possible at this time. I encourage you to vote and add feedback to the following feature request if that's something you'd like to control:

    Make webmail user settings menu customizable to remove features

    Note that one option you can control is the ability to allow subaccount users to reset their password via email if they forget their password. The option is found under the System tab in WHM >> Tweak Settings:

    Reset Password for Subaccounts

    It won't stop them from changing their password if they already know the current password, but it does prevent them from resetting the password when they don't know the current password.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. PeteS

    PeteS Well-Known Member

    Joined:
    Jun 8, 2017
    Messages:
    162
    Likes Received:
    31
    Trophy Points:
    28
    Location:
    Oregon
    cPanel Access Level:
    Root Administrator
    Sorry, this got dropped. Thanks for the info, and the feature link.

    I do feel that limiting password changes by subaccounts (email users in this case) should be able to be limited, as forward and autoresponder creation is not. :)

    -Pete
     
    cPanelMichael likes this.
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice