Allow Linux groups to be owners for List Accounts
Let me start with me describing our initial intent. We host a WHM environment that multiple people log into. These people are have different company roles and only need access to certain services within WHM. As of now, the people that need access to WHM login directly with root. This is what we are trying to avoid.
We found cPanel documentation for adding a WHM reseller account without an associated domain. This works great when giving service functions to accounts, with one exception. We cannot limit which Reseller user can see in regards to specific List Accounts. As of now, we have 2 test accounts in our WHM console, uriah and trent.
Is there a way to create a Linux group, say 'webdev', and add uriah and trent to this group and tie it to certain list accounts?
This is what we have tried:
Manually add a group called webdev and add uriah and trent to this group.
getent group webdev displays: webdev:x:1157:uriah,trent
Manually configure a test list account wildricedirect by doing this:
Changing OWNER=root to OWNER=webdev
(PLEASE NOTE: the above step worked for me if you just want to change it to a single account, like OWNER=trent but it does not work when working with linux groups.)
This updates the owner in the list account section for wildricedirect, however the group does not apply to trent or uriah's list accounts section in WHM.
Please feel free to ask me any questions or thoughts to what I am trying to accomplish.
Thank you for contacting us today! I apologize for the delay in our response as we are working through an elevated ticket load at this time.
While cPanel does use the system-level users for authentication and integration with the base OS, the definition of a Reseller user is exclusive to cPanel and does not use the Linux user/group system to accomplish this.
In order for an account to be displayed in the "List Accounts" for a Reseller user, the user must be the cPanel account's owner. This is why you are able to change the OWNER in the userdata to the "trent" user, and the account began to display in this user's List Accounts tool. However, an account can only be owned by a single reseller user, meaning you would only be able to set this accounts owner to one of the reseller accounts you created.
There is currently no alternative at this time to provide a Reseller that is able to list specific accounts such as this, or have multiple resellers list the same accounts. If this is a feature you would like to have implemented, I recommend submitting a Feature Request. The following provides information on this: How to submit a feature request
As a potential solution, it would be possible to instead have a single "webdev" Reseller user that is assigned as the owner of the accounts they manage. These users would still be able to access WHM as this user, and the features within WHM can be limited to the features that they require.
I also recommend the following article for information on changing an account's owner in WHM, as this is the recommended way to perform this action: How to change the reseller ownership of one or many accounts
I am confident the knowledge shared in the above article will guide you towards solving the issue you have outlined in this request. Would you please review the article and let me know if you have any outstanding questions or concerns? It’s been a pleasure working with you on this issue, and I hope you are satisfied with the experience!
Linux Technical Analyst I
You can help us provide you with rapid and accurate support by sharing step-by-step instructions to replicate the issue.