User has access to ALL accounts of server

ruber · Feb 26, 2008

An user of my server, when it access cPanel, opens the "root" cPanel, with all features and the list to choose any account of the server. I had tested other accounts, but happens only with this customer. What can I do to solve this? It's a critical security hole on my cPanel, I changed the customer's password to avoid the access until I can fix this...

BianchiDude · Feb 26, 2008

Do they have UID 0? Is there password the same as your root pass?

Infopro · Feb 26, 2008

Sounds like you made the account a master reseller.

cPanelKenneth · Feb 27, 2008

ruber said: ↑

An user of my server, when it access cPanel, opens the "root" cPanel, with all features and the list to choose any account of the server. I had tested other accounts, but happens only with this customer. What can I do to solve this? It's a critical security hole on my cPanel, I changed the customer's password to avoid the access until I can fix this...
Click to expand...

If you changed the password and that disabled the behavior, then it sounds like his password was the same as the root password. If that is the case, then the following tweak setting is what is causing this:

Disable login with root or reseller password into the users' cPanel interface. Also disable switch account dropdown in themes with switch account feature.

Otherwise it may be as Infopro stated.

ruber · Feb 28, 2008

cpanelkenneth said: ↑

If you changed the password and that disabled the behavior, then it sounds like his password was the same as the root password. If that is the case, then the following tweak setting is what is causing this:

Disable login with root or reseller password into the users' cPanel interface. Also disable switch account dropdown in themes with switch account feature.

Otherwise it may be as Infopro stated.
Click to expand...

No, no...

I changed the password until this is solved, and the customer is not accessing his account until I change the password back and tell him. The accounts still appears, even with other password. I changed the password of another account to the same of that, and cPanel works fine, accessing only its account, not any other.

The problem occours only in ONE account, even changing password, recreating the account... How I can see this "Master Reseller" option? This account isn't a reseller.

cPanelKenneth · Feb 29, 2008

What is the UID of this user?

Forums

The Community Forums

Interact with an entire community of cPanel & WHM users!

User has access to ALL accounts of server

ruber Member

BianchiDude Well-Known Member
PartnerNOC

Infopro cPanel Sr. Product Evangelist
Staff Member

cPanelKenneth cPanel Development
Staff Member

ruber Member

cPanelKenneth cPanel Development
Staff Member

Bulk Overwrite .htaccess file in all user accounts?

Disable user access_log

Create additional users with restricted access permissions?

Adding shell access for users questions

Install software and make it accessible to users?

Share This Page

Useful Searches

The Community Forums

Interact with an entire community of cPanel & WHM users!

User has access to ALL accounts of server

ruber Member

BianchiDude Well-Known Member PartnerNOC

Infopro cPanel Sr. Product Evangelist Staff Member

cPanelKenneth cPanel Development Staff Member

ruber Member

cPanelKenneth cPanel Development Staff Member

Bulk Overwrite .htaccess file in all user accounts?

Disable user access_log

Create additional users with restricted access permissions?

Adding shell access for users questions

Install software and make it accessible to users?

Share This Page

BianchiDude Well-Known Member
PartnerNOC

Infopro cPanel Sr. Product Evangelist
Staff Member

cPanelKenneth cPanel Development
Staff Member

cPanelKenneth cPanel Development
Staff Member