Version control and any cPanel features that modify files like IP Blocker

[spaceman]

Hi All,

There are plenty of cPanel features/functions that allow the direct modification of files on a live ('production version') hosting account.

The most obvious/dangerous one is File Manager which can pretty much allowed the CRUD of any file or folder.

Less obvious, maybe, are features like IP Blocker that directly modify the .htaccess file. It probably wouldn't be hard to create a comprehensive list of all available cPanel feature that allow direct modification of hosting account files.

Cutting to the chase: is it just me, or is this "power" fundamentally (often in the hands of less technical folk) at odds with any hosting account that is managed using version control? If files are modified directly on the live site, isn't this a recipe for such modified files to get overwritten (and the changes made by cPanel undone) the next time code is pushed to the hosting account from the code repository?

How do others manage this situation, i.e. where the hosting account owner DOES want their cPanel control, but the site is under version control? Of course one answer is simply to disallow cPanel access to anyone whose site is under version control. Or is there some way for the two needs to happily co-exist?

Thanks,

Ross

 

[cPanelMichael]

Hello Ross,

The File Restoration option in cPanel somewhat alleviates this concern because it allows cPanel users to restore individual files (as long as backups are enabled on the server). That said, I certainty understand your concern that cPanel users may modify or remove files via File Manager and request support when the files are unexpectedly returned to their previous state through the Git Version Control feature. A feature request for File Manager to display a warning when a cPanel user manages a file or directory that's part of a cPanel-managed repository could help increase awareness. Could you open the feature request and post the link here once it's submitted?

Thank you.

 

[spaceman]

Thanks for your feedback on this, cPanelMichael.

I think your feature request suggestion for File Manager would chip away at the issue a little.

But IMHO, optimal is to have such a warning for *any* cPanel feature that makes changes to any aspect of a hosting account that is vulnerable to getting overwritten by version control. File Manager is by far the most obvious tool, because it's obvious mission - maybe even to a non-tech user, is to make changes to a hosting account.

So on one level I'm more concerned about features - like IP Blocker (and surely many others?) - where it's far from obvious, sometimes even to a more technical person, that changes are going to be made to the hosting account that are vulnerable to being overwritten *if* the account is managed with version control.

Of course the ultimate protection against this issue is to 100% disallow (not just to warn) anyone - clients or developers - from using cPanel tools, or perhaps ONLY the tools that have the ability to make changes to the hosting account that are vulnerable to be overwritten by version control.

Am I making sense, @cPanelMichael ?

 

[cPanelMichael]

Hello @spaceman,

Yes, that makes sense and I do see the value in what you are seeking. I recommend sharing or pasting that information into a new feature request and sharing the link here once it's approved so we can begin sending the link with other users reporting similar concerns/requests.

Thank you.

 

[spaceman]

Thanks. Idea added here, and cross-reference back to this discussion.

https://features.cpanel.net/topic/s...that-might-get-overwritten-by-version-control