The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Urgent Assistance Required! - Client access appears identical to root/Admin

Discussion in 'Security' started by lukeydook, Nov 9, 2010.

  1. lukeydook

    lukeydook Registered

    Joined:
    Nov 9, 2010
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    I need urgent assistance.

    For some reason about 75% of my clients accounts, when they login, they are root and can view all accounts!

    Luckily, I have honest clients who have let me know.

    Any ideas anyone?
     
  2. javiercampos

    javiercampos Well-Known Member
    PartnerNOC

    Joined:
    Jan 12, 2010
    Messages:
    48
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    /tmp
    cPanel Access Level:
    Root Administrator
    would recommend running the following command:

    /scripts/upcp --force

    If the problem persists, you should check the permissions on Reseller center.
    Also you can contact me at msn javiercampos@espacioweb.cl
     
  3. lukeydook

    lukeydook Registered

    Joined:
    Nov 9, 2010
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Thankyou very much.

    Going to try this now.
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,447
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    When they login, where, exactly? And how do they know they've got root privileges?
     
  5. lukeydook

    lukeydook Registered

    Joined:
    Nov 9, 2010
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    It is asif they have logged in as root.

    It says "You are logged in as root" and it shows the accounts in a dropdown above the main cpanel icons as it would if you were logged into root.

    It is asthough the accounts have root access, yet not all of the accounts have this - only about 75%

    I've logged in with their details to check and it does the same.
     
  6. lukeydook

    lukeydook Registered

    Joined:
    Nov 9, 2010
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Just so you are aware, this did NOT fix the issue.
     
  7. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,447
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    What version of cPanel? I don't have a server running anything less than CURRENT here.

    In Tweak Settings > System tab > Accounts that can access a cPanel user account, whats that set to on yours?

    Previous versions it was titled "Disable login with root or reseller password into the users' cPanel interface"

    I'd disable this, or set it to cPanel User Only (depending on your version of cPanel) for now. Next go check who owns the accounts who believe they have root. Are these all reseller accounts by chance?
     
  8. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Joined:
    Nov 5, 2008
    Messages:
    2,557
    Likes Received:
    7
    Trophy Points:
    38
    Location:
    Houston, Texas, U.S.A.
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    Please ensure that no other user or reseller has the password as root; to accomplish this, I recommend using the password generator to create a new root password of sufficient strength.

    Alternatively, as Infopro mentioned, you may restrict using the root password to login as a user in cPanel & WHM (i.e., using the root password instead of the cPanel user's password).

    Here is the applicable menu path for cPanel & WHM version 11.28, specifically in WebHost Manager, with linked documentation:
    WHM: Main >> Server Configuration >> Tweak Settings >> System
    Accounts that can access a cPanel user account: [?] This setting specifies who can access a user’s cPanel account. Account-Owner refers to the particular reseller that owns the user account.
    • Root, Account-Owner, and cPanel User default
    • Account-Owner and cPanel User Only
    • cPanel User Only
     
    #8 cPanelDon, Nov 9, 2010
    Last edited: Nov 9, 2010
Loading...
Similar Threads - Urgent Assistance Required
  1. superdmon
    Replies:
    5
    Views:
    452

Share This Page