The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

WHM Root & System Root Accounts

Discussion in 'General Discussion' started by C4talyst, Jun 28, 2008.

  1. C4talyst

    C4talyst Well-Known Member

    Joined:
    Jun 21, 2008
    Messages:
    56
    Likes Received:
    0
    Trophy Points:
    6
    Do the WHM root user and the actual system root user accounts always have the same passwd? I don't see where to set a separate root account password in WHM. I'd like to give some employees root access to the control panel, but not SSH/Operating System.
     
  2. UBERHOST

    UBERHOST Well-Known Member

    Joined:
    Jan 13, 2008
    Messages:
    102
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    California, US
    Yes, same password.

    Easy, don't allow password authentication for SSH--use authentication keys instead. This will improve security overall plus keep your WHM root users out of the shell. If you use PuTTY for shell access, open up the help file and read Chapter 9: Using Pageant for authentication.
     
  3. C4talyst

    C4talyst Well-Known Member

    Joined:
    Jun 21, 2008
    Messages:
    56
    Likes Received:
    0
    Trophy Points:
    6
    Hmm, that's kinda weird from a security perspective. I will use keys if I have to...thanks!
     
  4. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Note, root-level users in WHM do not have sudo access to the system. Other than user root, there is no correlation between WHM and system privileges.

    Regardless, I recommend the use of passworded keys for any SSH access.
     
  5. VanBond007

    VanBond007 Registered

    Joined:
    Nov 13, 2008
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    sudo WHM would be preferable

    You can add sudo users to the wheel group via something as simply as adding users toto stevie & penelope to:
    /etc/groups sys:toto,stevie,penelope

    And, they can read files assigned to the sys group (or mail, adm, whatever...) and any other groups to which they are added.

    Adding this to /etc/sudoers using visudo to group wheel is helpful, too:
    %wheel ALL=(ALL) ALL

    But, the most relevant reason to implement sudo is so the dude with ownership of the machine doesn't have to give the root user's password away to his support staff (her support staff). WHM, should recognize this at the system level just as it recognizes the root user.

    What mechanism does WHM use to authenticate the root user? I don't know, since my client set it up, and may have applied the same password to the WHM interface during setup as is used by the root user on the system.

    Are they different? Is there a db that contains the root user's password, and what port does it run on (assuming mysql and not the default 3306)?

    I could grep code to find this, but if someone knows off-hand, I could take it from here, but to the larger point, these should be the same to minimize external coding for authenticating to whm as opposed to a login at shell.

    Keys are a really good idea, especially if you still maintain passphrase or login authentication. Keep the 2 different, and it's gonna be tough for someone to compromise you.
     
  6. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,458
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    root in WHM is the same as root via SSH (it's the same system user). On Linux, the password is stored as a hash in /etc/shadow.
     
  7. VanBond007

    VanBond007 Registered

    Joined:
    Nov 13, 2008
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Log in as UNIX User / Not As Root

    But, the most relevant reason to implement sudo is so the dude with ownership of the machine doesn't have to give the root user's password away to his support staff (her support staff). WHM, should recognize this at the system level just as it recognizes the root user.

    Thanks for the response, cpanelkenneth. I want to log in as a UNIX user, and once in WHM, do the same things as if I were logged in as root, but still have the same rights: wudo for WHM.

    I don't want to give my admins the root password? It does not appear WHM allows a regular user to log in, regardless of any sudo implications.
     
Loading...

Share This Page