Resellers on your server can have unlimited bw and diskspace.

[electric]

It seems like any reseller can easily use unlimited bandwidth and disk space, regardless of what limits are specifie in the reseller center?

It's simple:

1. Log into WHM as root and create a reseller account.

2. Log into WHM as the new reseller and a new cpanel account with unlimited disk space and bandwidth.

4. Now you can upload unlimited files to the new cpanel account, and it has unlimited bandwidth.

Am I missing something here?

 

[Infopro]

The Reseller Center, I believe.

WHM > Resellers section on left menu > Reseller Center. On that page find the Reseller Modifications section at bottom of page, click Edit Privileges/Nameservers.

Next page click the Second option, Limits accounts that...., when you do, it opens to ask for the limits you wish to use for that reseller. (Disk Space/Bandwidth)

 

[electric]

Yes, but those limits are useless (not used) except when the reseller is actually creating a new package, and only if you have not allowed overselling.

So even if you set a limit of 1gb disk and 10gb bw... the reseller is still able to create an "unlimited" package and then upload unlimited amounts of files and use unlimited amounts of bandwidth. (Assuming you have checked the "allow overselling" boxes.)

The only time those values are used is when/if the reseller actually creates a new account. Then the WHM process checks the total usage and compares it to whatever limits you have specified.

So my example still stands. Even if you have set a limit of 1mb disk and 1mb bandwidth.. I can easily create an unlimited usage account on your server. (If you allow overselling, which most people do.)

 

[cPanelDavidG]

It seems like any reseller can easily use unlimited bandwidth and disk space, regardless of what limits are specifie in the reseller center?

It's simple:

1. Log into WHM as root and create a reseller account.

2. Log into WHM as the new reseller and a new cpanel account with unlimited disk space and bandwidth.

4. Now you can upload unlimited files to the new cpanel account, and it has unlimited bandwidth.

Am I missing something here?

This unlimited account that was created as the reseller, was this created by means of a package (with unlimited disk space etc.) or by manually specifying account limits for this account?

 

[electric]

This unlimited account that was created as the reseller, was this created by means of a package (with unlimited disk space etc.) or by manually specifying account limits for this account?

Either way is the same. As long as the account has "unlimited" as the disk space limit and "unlimited" as the bandwidth limit...

... then the account has no limits. (ie: "unlimited")

Your thoughts?

 

[cPanelDavidG]

Either way is the same. As long as the account has "unlimited" as the disk space limit and "unlimited" as the bandwidth limit...

... then the account has no limits. (ie: "unlimited")

Your thoughts?

Please paste the ACL (or list every permission this reseller has on the Edit Privileges/Nameservers screen) for this reseller.

 

[electric]

Please paste the ACL (or list every permission this reseller has on the Edit Privileges/Nameservers screen) for this reseller.

Account Information

• List Accounts
• View Account Bandwidth Usage

Account Management

• (Un)Suspend
• Change Passwords
• Create
• Edit MX Entries
• Manage Frontpage®
• SSL CSR/CRT Generator
• SSL Site Management
• Terminate
• Upgrade/Downgrade

Dns

• Edit
• Park

Packages

• Add/Remove
• Edit

Troubleshooting

• Troubleshoot Mail Delivery

cPanel Management

• News Modification

Accounts

• Prevent Accounts from being created with shell access

Package Access

• Allow the reseller to use all global packages (global packages are any packages without a "_" in them)

Packages Creation

• Allow Creation of Packages with Addon Domains
• Allow Creation of Packages with Parked Domains
• Allow Creation of Packages with Unlimited Features (ie. unlimited pop accounts)

Account Management

• Account Modification (warning: this will allow circumvention of account creation limits, give shell access unless explicitly disallowed, dedicated ips, etc)
• Bandwidth Limiting Modification (Warning: This will allow circumvention of account package limits if you are not using resource limits)
• Quota Modification (Warning: This will allow circumvention of account package limits if you are not using resource limits)

Please note that being able to specify a limit of 999999999999mb is essentially the same as "unlimited".

 

[cPanelDavidG]

Here are your troublesome privileges:

Account Management

• Account Modification (warning: this will allow circumvention of account creation limits, give shell access unless explicitly disallowed, dedicated ips, etc)
• Bandwidth Limiting Modification (Warning: This will allow circumvention of account package limits if you are not using resource limits)
• Quota Modification (Warning: This will allow circumvention of account package limits if you are not using resource limits)

Please note that being able to specify a limit of 999999999999mb is essentially the same as "unlimited".

Granting the "Account Modification" privilege effectively gives your reseller the ability to create accounts with essentially unlimited disk space/bandwidth.

I have discussed this issue at length internally and it is something we are considering for modification in the long-term.

To avoid this issue, the current design requires removing all permissions under the "Account Management" section.

 

[electric]

The reseller can still create a package with diskspace and bw limits of 999999999999999.... and that is basically unlimited usage.

So removing Account Management permissions does not fix this problem.

 

[cPanelDon]

The reseller can still create a package with diskspace and bw limits of 999999999999999.... and that is basically unlimited usage.

So removing Account Management permissions does not fix this problem.

To better enforce disk space and bandwidth transfer limits please ensure that overselling is not enabled for the reseller.

 

[electric]

To better enforce disk space and bandwidth transfer limits please ensure that overselling is not enabled for the reseller.

Sure, except that makes it pretty difficult to offer any kind of competative reseller plans....

Just for your info, we actually do not oversell. We *do* have the "allow overselling" checkbox enabled for our resellers. However, as the server owners, we don't actually oversell our own diskspace which we've alloted to them in their reseller resource allocation limit.

But asking our resellers to not have overselling capability is not a good solution in todays very very competative hosting market.

I think if you did a quick survey of cpanel reseller settings, you'd find the vast majority of resellers have oveselling enabled.

So that makes your solution pretty difficult to swallow.

Any other ideas? Is cPanel going to implement some kind of monitoring feature so that admins/resellers can at least receive an email if the reseller is going over their disk/bw limits? Surely it can't be that difficult to do this, since you already do a disk/bw check for individual cpanel accounts. Why not just add up all disk/bw usage for each reseller account and do the same thing for resellers?

Otherwise.. we wind up with some reseller using up a huge amount of disk or bw and there is no way to know until server reaches its limits... and even then we must manually go through every reseller account stats page to see what is being used.

Let me know if cpanel is planning this.

 

[Infopro]

You want to or do now offer reseller plans that allow overselling, but do not actually allow them to oversell, or at least, you'd like a way to monitor the overselling, is that right?

cPanelDon's suggestion is the way to go then.

I don't have the time to test this, but what if you unchecked the "Overselling Allowed" beside the Disk Space box at top, keeping them inside their space? let's give them 50MB total (to test of course, and easy to fill it for testing purposes) and then under Package Privs > Packages Creation down below, you ticked these:
Allow Creation of Packages with Unlimited Bandwidth
Allow Creation of Packages with Unlimited Diskspace
Allow Creation of Packages with Unlimited Features (ie. unlimited pop accounts)

What happens then when the reseller creates 1 unlimited package, and then sets up an account using it? And then he uploads or tries to upload 100MB file? Does that first accounts cPanel show unlimited on left menu? (It's sounds to me like this is what you seek here at the end of the day, you want it to show unlimited to the end user)
What happens when he sets up a second and third unlimited account and that first account is maxed out on his unlimited space, due to resellers limits in place overall?

I can't answer most of that without testing it myself. But it appears to me the tools are here for you to do what you want.

I think. :p

 

[electric]

That won't work.

As long as the "allow overselling" checkbox is checked in the reseller's resource limits... the reseller can create a cpanel account with practically unlimited diskspace and/or bandwidth.

My point is that this isn't good for any server owner, because there is literally no way to prevent your reseller from using ALL your server diskspace and/or bandwidth unless you:

1. Do not allow overselling. (ie: Do not check the "allow overselling" checkboxes.)

- or -

2. You manually monitor every reseller's disk and bw usage.. since cpanel is not capable of doing this automatically. (This won't actually prevent the reseller from using all your diskspace or bandwidth, but it will allow you to see if they are being bad and using more then you have alloted for them.

Here is a challenge for anyone who doesn't believe me:

- Create a normal reseller account on your server, just like it was for normal. Make sure it has disk space and bw overselling enabled.

- Send me a PM with the reseller WHM un/pw and I will create an account with practically unlimited diskspace and upload huge files to the server, so that you can see for yourself that this is possible.

 

[cPanelDon]

Any other ideas? Is cPanel going to implement some kind of monitoring feature so that admins/resellers can at least receive an email if the reseller is going over their disk/bw limits? ...
Let me know if cpanel is planning this.

We are aware of the requested need for server owner notification when a reseller exceeds a defined resource limit while overselling is enabled for the applicable resource (e.g., disk space or bandwidth transfer); we have an active internal case open for this feature request with tracking ID #17610.

Please consider posting other or additional ideas as a feature request in the following forums area; this will help ensure more attention (as a feature request) and more organized discussion to the specific nature and detail of the feature or enhancement needed:
Feature Requests for cPanel and WHM - cPanel Forums

As a friendly reminder, please keep in mind to have one feature request per thread in the above forums area.