cPanel & WHM Version 78 has been released, and brings a slew of great updates. Take a look at what is included, and then upgrade today!
 

Multiple cPanel Logins (cPanel Subusers)

Nathan Lierbo shared this idea 6 years ago
Open Discussion

Support For cPanel Subusers


Small cPanel account owners may want to delegate specific tasks to be performed by somewhat trusted individuals but without full access to the cPanel interface. Reasons for this can include the following hypothetical situations:


- Small Businesses having a secretary, giving the secretary access to just creating and removing email accounts but not to editing the company's website.

- Web Designers that guarantee their work not wanting their hosting customers to re-code their website themselves then accuse the Web Designer of poor coding.

- A Small Business Owner that wants to delegate full access to the cPanel interface to a contractor, but be reliably able to revoke that access in the event that contract is terminated.


The features available to these subusers should be filtered using a utility identical to or very similar to Feature Manager and Feature Lists.


Subusers (which would very likely be virtual users) would have a login of username@domain similar to FTP virtual users and Email virtual users. The ability for matching user capabilities such as SFTP access could eventually be accommodated by features already being worked on like version 11.34's Pluggable Authentication.


Original thread: http://forums.cpanel.net/f145/multiple-cpanel-logins-cpanel-subusers-case-44353-a-77145.html

Best Answer
photo

Hey all! I have a flurry of questions about this feature request so I wanted to let you know: It's still on our list of 'features we want to get to', but it's not yet assigned a version. As soon as we have anything solid, I'll be back to let you know!

Comments (146)

photo
9

This is a feature that our customers keep requesting, be it to manage FTP accounts, e-mail accounts or access PhpMyAdmin securly there are lots of cases when this is necessary.

photo
4

Same thing here. It is a very important feature. My only reason to leave my current hosting, I can't outsource the jobs!

photo
7

Another common request is users asking for PHPMyAdmin access. Site owners want to give their developers access here but not the keys to the entire panel. I assume the "feature list" that was proposed should cover this but wanted to mention it anyways.

photo
3

I can't believe this isn't a feature yet. There must be another request somewhere that has more votes than just 1!

photo
6

We use CPanel in an academic environment and having this ability would be a HUGE benefit for departmental users with varying levels of web resource needs. Currently we use RVSkin to achieve this, but the management overhead it adds to CPanel is quite considerable. We would much prefer a CPanel native solution.

photo
4

Any update on when this is likely to be accepted ? The original thread in the forums had huge support over a period of six years so what more is needed to get this accepted ?

photo
2

This is absolutely necessary! I've been using cPanel for every project my company has ever done for 10 years but without this feature I will be switching to other solutions!

photo
2

I think this granular control over user privileges and sub-users of a cpanel user is needed and in the very increasing shared responsibility era this is becoming more common place where delegation of tasks occur but the philosophy of least permissions is still the norm.

photo
5

So this is a feature that have being requested since 2008 and here we are 6 years later still waiting for it.


Are you guys ever going to do it or may you at least tell us NO we will not do it so that we can stop waiting for it?

photo
2

I am VERY much in need of this for the auto-responder feature. It's odd that users can't create an auto-responder without logging on to cPanel. I would love to be able to have a user account they can use that doesn't give them access to everything.

photo
2

Still waiting and wondering why this is not a key feature already ?

photo
4

Even WHMCS has added this feature to their software. It seems like cPanel could start to lag behind on todays trends regarding authentication options if we can't get this feature pushed through soon.

photo
2

It would be a great add-on to have this feature added. Thank you

photo
2

Yes, that's a customer wise feature!

What do you think cPanel?

photo
2

Looking for this sort of feature so I can have multiple developers working on a site via the tools in cPanel.... looks like cPanel can't do this so ill have to go elsewhere....

photo
1

Double post

photo
1

This is one of the top feature requests that we get time and time again from our clients. Would love to see this become available soon (as in, this year).

photo
5

If this feature is added, it's important to also add auditing capability, too. (That is, the ability for cpanel to record/log all activity that is done by the logged-in cpanel user.) Otherwise, we will see no end of customers complaining about sudden changes to their cpanel account, when in fact it was done by one of their own cpanel users...


:)

photo
3

+1 this is essential. Cpanel is one of the only high level management apps out there without users => permissions => action logs. It logs accounts all day long, it should be the same for users. Other than that, its fantastic software. Thanks

photo
1

Agree! desperately need this!

For example, I want to allow a secretary to be able to reset/add/remove email accounts and nothing elsebut then i would like to give cpanel to their webmaster with full access to all features.

photo
2

It's a daily necessary feature...


If the first post is dated 1 year ago... when we can have this feature released?


Thank you

photo
1

I would really, really love the ability to delegate tasks to others much more easily.

I'd love it even more if this got released and became part of WHM too.

photo
2

I get requests for this from my client base regularly too. My client base doesn't generally need fine-grain controls, but they want to be able to share access. Having fine-grained controls would be icing on the cake.


Would be sweet if a developer could chime in on what the attitude/concerns/enthusiasm level in the developer pool is -- give us some idea if this is likely to get on the roadmap, etc.


Shout out to all the cPanel crew for the great product & all the hard work!

photo
1

We certainly think about this a lot. Ensuring the security of the system makes it a bit of a challenge...but we definitely understand that it's something people want.

photo
4

cPanelAdamF wrote:

We certainly think about this a lot. Ensuring the security of the system makes it a bit of a challenge...but we definitely understand that it's something people want.
I agree that ensuring security is a challenge, and to me is the absolute 1st priority when choosing a control panel, however I would argue that having to give full cPanel or WHM access to someone who only needs one or two tools/features is an even bigger security risks to hosts and their customers.

photo
3

cPanelAdamF wrote:

We certainly think about this a lot. Ensuring the security of the system makes it a bit of a challenge…but we definitely understand that it's something people want.
No question security is important but others have figured it out, surely you can too. Good that you're thinking about it, but it's been seven years that people have been asking for this feature. As you say, people want it. Will you deliver?

photo
1

Enable/Disable feature for ftp users would be very simple solution

photo
1

I too would love to see this option. Perhaps anyone going to the cPanel Conference can ask when this might be coming?

photo
3

As has been said MANY times before, in one way or another:


"I cant believe, and am still waiting and wondering why, this is not a key feature already?"

photo
3

+1


"I cant believe, and am still waiting and wondering why, this is not a key feature already?"

photo
1

i cant open this link http://forums.cpanel.net/f145/multiple-cpanel-logins-cpanel-subusers-case-44353-a-77145.html .

Can u help me ? Because i need it now. thanks

photo
1

Greetings confy, the old Feature Requests forum area has now been deprecated. That old thread is of no use any longer, it was located in the old Feature Requests forum. The most up to date details on this Feature, are right here.


Thanks!

photo
2

This would be an incredibly useful feature of cPanel and shouldn't be too hard to implement really.


Please consider it as a priority in future releases.

photo
1

Does anyone have any suggestions about how to achieve this ? I've actually been thinking about how this could be done myself and haven't come up with a viable solution yet.


Would they use system usernames with the main username as a prefix ? or would they store usernames and passwords in a MySQL database ? If they use a custom mysql interface all the existing securty measures would need to be converted etc.


PHPMyAdmin access is now quite easy to achieve from a custom interface using the API but what about all the other options… everything is currently based on if the user has access or not to do things.


I too have customers who rearly want this, but I have to admit that it's going to take quite alot of thinking to implement :)

photo
1

If you decide to make this happen,


please make it in a smart and efficient way, allowing all subusers to have a subset of the account's allowed feature list, so the default cPanel user, can manage subusers and make a subfeature list, which will be able to include a subset of his own / allowed feature list...


thanks !

photo
1

monarobase wrote:

Does anyone have any suggestions about how to achieve this ? I've actually been thinking about how this could be done myself and haven't come up with a viable solution yet.


Would they use system usernames with the main username as a prefix ? or would they store usernames and passwords in a MySQL database ? If they use a custom mysql interface all the existing securty measures would need to be converted etc.


PHPMyAdmin access is now quite easy to achieve from a custom interface using the API but what about all the other options… everything is currently based on if the user has access or not to do things.


I too have customers who rearly want this, but I have to admit that it's going to take quite alot of thinking to implement :)

this could be done if you would code a sophisticated auto-login wrapper system and make it redirect to different template that restricts in template level the features allowed, but still, thats not a secure or pro solution, only cPanel could make this happen properly

photo
1

Chris Nagios wrote:

this could be done if you would code a sophisticated auto-login wrapper system and make it redirect to different template that restricts in template level the features allowed, but still, thats not a secure or pro solution, only cPanel could make this happen properly

This is exactly what the third-party tool RVSkin does to create sub-users.


It's an ok solution; we use it, but with all the engineering going on with the new Paper Lantern interface framework it is VERY disappointing there has been no discussion from CPanel whatsoever about sub-user architecture being baked in to it directly - for a more robust/secure solution.

photo
4

7 years waiting for this feature - at this point, coupled with the fact that the most common response from cPanel that we get is to point us to this feature request, I can only believe this feature is never going to come to light. The need for this feature has passed the point of being a contemplated option. This "IS" a feature that is absolutely necessary to accommodate today's website development needs. I've used cPanel since Nick developed it and because this feature is still not available I actually have no choice but to move away from cPanel. I absolutely never thought this day would come. Because it has come to this, and knowing the huge task in front of us in order to convert to a new system, and as I let the proverbial cPanel door hit me in the back as I leave, I just feel it necessary to post my disappointment in cPanel for not taking this feature request seriously and making it available.


Businesses worldwide hire website developers to build their sites, through CMS's clients are able to completely manage their content without needing any html or programming knowledge at all. With CMS's we have the ability to provide separate logins and control what users can access. This prevents mistakes being made which can corrupt a website, curbs the temptation for curiosity clickers, and so on. Numerous scripts are available to us, which enables us to lock down and tighten the security of our CMS installs. At a click of a button, "all" CMS installs can be updated to their latest releases instantly without having to log into each website separately, or we have the option to make a global setting to immediately update all installs automatically without any user interaction.


The "only" missing tool that we are unable to give our clients is the ability to manage their email accounts - add/delete email addresses, forwarders, auto responders, spam settings, email passwords, etc. for their employees. In order to give them this ability we have to give them full access to the control panel for their hosting account:


- this in turn not only gives them full access to mysql databases which powers their websites, but to everything else they simply do not need access to

- it gives them access to change their control panel passwords, which then forces us to have to change that password every time we need to access their control panels for maintenance and then send the new password to the client, its either that or enable Root access level to cpanel access, both of which are not options due to security.


We tried giving this access to clients and it turned into a complete nightmare ranging from deleted databases, deleted cpanel files, deleted ssl certs, edited dns, just to name a few. Yes we have multiple account packages created, but we would literally have to create numerous packages in order to disable/remove as many features as we can, and to still accommodate all the clients that design/manage their own sites, resellers that have their own clients, etc. However, the bottom line is, we would still have to allow access to sensitive features that are needed for the account, such as, and most importantly, mysql databases, account passwords, thus making it pointless in creating all those unnecessary packages in the first place.


The last response from cPanel "We certainly think about this a lot. Ensuring the security of the system makes it a bit of a challenge...but we definitely understand that it's something people want." and as another cPanel user pointed out "No question security is important but others have figured it out, surely you can too." …because others have done it, not only in other control panel systems, but even in CMS's that we've been using for many years without any security issues at all, I can only believe at this point that it is out of laziness, and lack of willingness to prioritize this much needed, and long over due feature, as being why cPanel has not made it available.


So that's my 2 cents worth. And before some of you want to jump to crucify me in defense of the cPanel developers, please bear in mind that I have been a loyal user of cPanel since near its conception and it is only due to wanting to keep my client base rather than lose them to a competitor that offers what most will consider such a minute feature, that has brought me to the decision of moving on. Do I believe that other control panels are better?...other than having this one feature…I absolutely do not and actually dread sacrificing features that are only important to us in order to afford this one, but obviously very important feature to our clients.

photo
2

Yes, with granular rights please.

photo
3

cPanelAdamF wrote:

We certainly think about this a lot. Ensuring the security of the system makes it a bit of a challenge...but we definitely understand that it's something people want.
It's been wanted for years and all I've ever seen is we'll consider it - if its not going to happen then it would be good if someone would state this rather than the usual generic reply.


The problem is that a lot of web developers I've found want access to cpanel but sometimes I feel a bit risky doing this - I had a web developer that started adding unwanted code into stuff once with access to cpanel they could do more damage.


The ability for not just user accounts but user accounts with different cpanel access alongside a main master account would fix this. It's something pretty simple.


If security is an issue you could add ways to authenticate people e.g. two step authentication.

photo
2

Paldrion wrote:

Yes, with granular rights please.
+1

In 2D, by scope of:

  • Delegation = admin / group(s) / self
  • Operation breadth and depth = All / module(s) / function(s)

The regular RACI stuff!

Can make for complications, but it is not without precedent.

photo
2

Sadly I had this feature on another hosting company and it was great to use. I believe its a greater security risk to be forced into giving out our main user and pw to subs then it is to add the feature on.

photo
2

I can't believe this isn't a feature yet.

Simple solution dissociate the cpanel login from the actual user Ex a user test on the server can be login by serveral users ex toto@test.com and restrict the acess to the interface only

the usergroup thing seems complicated could be better.

Could also create other problems / complications

photo
3

This is definitely a feature I would love to see.


1. Users may want to delegate limited access to their account. For example allowing someone to only manage email accounts or security settings. Right now our customers are sharing their main account, and then the person they shared it with decided they weren't friends any more and breaks everything (thank god for backups).


2. Giving my support operators full access to WHM seems over the top (not that I don't trust them, but the chance that something breaks is pretty big), it would be great if users could create a support sub-account (or have one automatically generated) for my operators to use.

photo
5

Please add the feature that so many people keep asking for, It's a shame that this has not been done yet, Don't estimate the total by simply looking at the number of people that have voted. They are way more. And it is going to help every single cpanel administrator

photo
4

As a CPanel sysadmin this is a glaring omission to an otherwise very well-rounded product. Being able to grant partial account access to users who only need to manage databases or email, for example, is increasingly going from a nice-to-have feature to an absolute must-have.


Hope to see this incorporated soon!

photo
3

Agreed. There's a lot of work arounds, like plugins for managing cPanel email accounts from a WordPress site, but what a house of cards.


If I tell my hosted clients that they can create new cPanel users & pick & choose what they have access to, that would make sense. Both WHM and Softaculo already have packages that can be assigned to cPanel users. If the primary cPanel could create users on the same domain and then pick & choose which icons are available, my world would be greatly simplified.

photo
2

I would agree more with options to split service between multiple accounts, for instance, having an account just for email services, another just for website etc.


This way we could even run email and websites on different serves, fulfilling both the need to delegate specific tasks and at the same time allowing is to increase redundancy and optimize servers.


It could also be a master login able to centralize everything from multiple machines, but that's more complex.

photo
2

I'm not cPanel user primarily because of lack of this feature. Many hosters use cPanel and I won't choose them in favor of small number of ones who provide multiple admin/manager accounts.

photo
3

"Any update on when this is likely to be accepted ? The original thread in the forums had huge support over a period of six years so what more is needed to get this accepted ?"


A quote that we left well over a year ago ! So, eight years and counting and in the last two years one small reply from a cPanel employee saying they are thinking about it.


CPanel ask for people to make suggestions and of course they cannot do all of them immediately but some feedback every now and again would be useful - the lack of feedback gives the appearance they dont care at all and stops people making suggestions

photo
2

"Any update on when this is likely to be accepted ? The original thread in the forums had huge support over a period of six years so what more is needed to get this accepted ?"


A quote that we left well over a year ago ! So, eight years and counting and in the last two years one small reply from a cPanel employee saying they are thinking about it.


CPanel ask for people to make suggestions and of course they cannot do all of them immediately but some feedback every now and again would be useful - the lack of feedback gives the appearance they dont care at all and stops people making suggestions

photo
3

I honestly couldn't agree more with what you've just said. This has been requested for far too long, and I too feel like this system is here for pointless hope and that they're just another greedy commercial company that's more focused on their shareholders than improving the product for those who use it the most. I think I'll have to start opening my mind to other control panels that provide such functionality, even if it does an entirely new learning experience.


We're now in a world where technology is advancing quickly, to a point that things like multiple accounts are becoming far more prominent and popular on mobile phones and there isn't a single computer OS I can name that doesn't support multiple accounts. Other control panel solutions have it, almost every PHP script has it... why not cPanel? Why am I forced to choose giving someone access to nothing or everything, in a decade where there are more choices on everything than ever before?


cPanel, catch up.

Oh and change this system so I login before I type everything out. -.-

photo
2

This would be an amazing feature.


Sometimes I need to hire a freelance web developer to do certain things I can not do but I don't want to give them full access to my PHP framework.


I am able to limit their FTP access to the files, but they need to be able to access the database as well.


It would be great if I could add another user to the cPanel account, and then give them access to phpMyAdmin along with their FTP account.

photo
1

Double post.


Don't think this site likes Safari. It didn't clear my comment box, and my post didn't display on the page.

photo
2

Granular control over user access is an essential security requirement. It should be possible to select exactly which functions each user is able to control.

photo
2

This is absolutely essential. Along with this, we need detailed logs on which user performed operations.

photo
2

Clearly no one from cpanel is listening. This thread has been running for years and there hasn't been a move to address the issue.

photo
2

Lol. I find this a bit odd too. Why would the premier management console neglect to acknowledge theeee most obvious missing feature of all time? Is there something they are not sharing about their struct that makes this too difficult to accomplish? Is there something about CSRF tokens (that already exist for 1 user) that wouldn't work for sub-users too?

photo
2

+1 for this but... 2 years and still open for discussion? Hmmm... *lost hopes*

photo
1

I think it's actually been more like seven years with no action!!

photo
1

I think it's actually been more like seven years with no action!!

photo
2

Certainly as long as I've been using cPanel -- and that was about 2008 or 2009, I've been wishing for this feature; I don't really get it -- granular is a commonly supported thing, there are no computer science mysteries for how to get such a thing done, and while it may be architectually inconvenient, surely if you put it on the road map, at some point you will be able to evolve the product to the point where it's doable.


cPanel team, I don't ask for much, and I love so much about the product (I've had to support Plesk too; believe me, I'm generally very happy with the product, and commonly can be found singing the praises of the product!), but if you could give us some feedback on this one point, it would be lovely.


Thanks,

-Cedric

photo
3

As of late, I really would like to give out granular access to sub accounts, so they do not control my entire cpanel account and all of my domains.


We would love this feature to be at least commented on so we know we are being heard :) Its gotten over 200 votes! Come on cpanel...

photo
1

Hear that? It's the sound of crickets? That's all we're going to hear. C-Panel is clearly not interested in its customers concerns.

photo
3

First of all, it is called cPanel, not C-Panel. This also isn't the

place to

complain. This is the place to leave productive comments, and ideas for

this particular feature request. I'm pretty sure nobody will listen to

you if you don't know what to call the product you are bitching about,

however.

photo
1

People have been leaving productive comments here about a much needed feature for years. There has been no response from "cPanel." The complaints have only come in response to their silence. I'd be happy to hear from someone at the company who can speak to the status of this request.

photo
1

You and some other talk about these options like they are SUPER easy to add and develop ... if you think that then just develop new control panel in 1 week with all options you wish ...

photo
1

You and some other talk about these options like they are SUPER easy to add and develop ... if you think that then just develop new control panel in 1 week with all options you wish ...

photo
1

Who said anything about producing this feature in one week? People on this forum have been asking for a multiuser capability for at least seven years. This discussion group is supposed to be the place where users put forward ideas they'd like to see implemented. They've done so and they been met with silence. cPanel should just close down the forum if they're not serious listening to customers' interests.

photo
1

This is not the place to air your concerns regarding how cPanel maintains this system. It's taking it completely off-topic.

If you need to air a grievance regarding cPanel's response (or lack of!), try the forums. They're great for sparking user debate!

cPanel will deal with this as and when humanly possible. This request was opened 2 years ago and has had a cPanel response in the past. Head over to the forums and give them a nudge if you feel another response is due.

Have a good day everybody.

Peter.

photo
1

@Mr. Obby you seem to be taking a single issue here and assuming it's representative of the entire system. Plenty of feature requests here have been completed; I've watched them. This just isn't one of those requests. It's frankly embarrassing that such an obvious feature has been requested and un-acknowledged for so many years, but they are working on other things. I do think that this is a core feature set and should be a top priority over their Paper Lantern changes and EasyApache updates and all the other cool things they've been working on lately, but I wouldn't go as far as to say that they ignore this forum or should shut it down.

photo
1

@DanH42 It is quite representative, in my experience.


I subscribe to a number of 100+ requests and none have really gotten any traction or comment by cPanel. Of the feature requests which have gotten traction, they often have very few votes (read: single digits) - showing an internal process for deciding the merit of release features that has very little to do with any feedback on this site.


While the lack of attention for subuser support is baffling - it's no more so than distributing a version of Munin in WHM that is increasingly broken and was rendered obsolete in 2012 - and the feature request to touch that sleeping critter has deeper layers of dust than this one.


It's just the way they roll. :P

photo
photo
4

I'm sorry to leave my own "spam" reply, but good grief, I'm now getting spammed by replies to this topic.


cPanel obviously doesn't listen. We still use them because they're the only reasonable solution. So congrats on that, cPanel.


Meanwhile, thanks to the rest of you for spamming this topic with all this jabber. And yes, I realize the hypocritical nature of my own reply here. But I'm hoping that it'll quell future replies. I won't know because I'm unsubscribing from this feature request.


The other reason for this reply is just to express my irritation at cPanel for being so terrible at communication. That's 20th century thinking, at best. Features - at least things we customers see - come so slowly. The new theme is great - but why does it still take multiple page loads to get anything done? I should be able to add/remove things like mailboxes and forwarders on a single page without a stupid page load for "Are you sure?" and "Okay, I did it" and then clicking back to go to the list of things.


cPanel is amazing in many ways. And amazingly clunky in so many other ways.


Anyway, sorry again to spam up this thing with another reply like I'm complaining about, but I accept my hypocritical role - and apologize for it. Peace out. :)

photo
3

There's no update on a feature like this?


I'm actually surprised this wasn't built out long ago. It'd be such an essential feature for designers and developers working in teams. :)


Please implement this feature cPanel! Love what you guys are doing here.

photo
2

I think this would be fantastic.


Please implement it! :D

photo
1

I think this would be fantastic.


Please implement it! :D

photo
2

I think this would be fantastic.


Please implement it! :D

photo
3

Please implement.

photo
3

Please implement.

photo
2

This idea was shared more than two years ago.


Can we really expect this to be implemented?


I would love to have this feutured...

photo
2

This idea is great, especially for those who use XMLAPI

We can use a new user without losing the security we need

photo
2

Two years ago and cPanel still hasn't made a comment. I really can't understand why this section is on their website in the first place if they're not willing to keep up with what the community wants. I may need to consider another control panel solution altogether as I am sure there will be more out there that will honor community suggestions a lot better than it looks like cPanel does!

photo
1

The only improvement I have noticed without looking myself - excluding security - is new logos!

photo
2

As much as this would be useful, I have to play devils advocate for a moment. We need to remember that cPanel is only a management tool for linux servers; it works within the confines of how linux itself works. When you create a cPanel account, you are creating a linux user, who generally owns all of the files and data associated with said account.


There are not only logistical issues raised by that fact, but security ones as well. The actual files on the system which contain your email (for example) are owned by the same system user ID that owns your website files. If you give someone the ability to make only FTP accounts, or to access the document root to edit the website, they could pretty easily access your email among other things. Granting even limited permissions to a user could very easily result in them just working around that into areas you do not intend them to have access, simply because their actions could create, access, or modify files owned by the primary cPanel/linux system user.


Even if this were done by making multiple API users or something of that effect for a cPanel account, it doesn't take much access to API calls over an account to gain yourself access to the rest of the account. I cannot speak on cPanel's behalf, but this is what goes through my mind every time someone comments on this request. I can see the value in this idea, however, I cannot really think of any easy way to implement it functionally or securely without a serious overhaul of how cPanel handles permissions and ownership of files and directories on the operating system itself.

photo
1

Quizknows, if that's the problem, why doesn't cPanel just say so? Then we can all find another system to use. Why the silence?

photo
1

Plesk gives us this functionality on linux

photo
1

Plesk works fundamentally differently than cPanel does, especially from a file ownership perspective.

photo
1

Yes. I know but not much differently. Also Plesk offers such features which we are requesting to cpanel from long time like nginx support, dropbox backup support are major things

photo
1

Yes. I know but not much differently. Also Plesk offers such features which we are requesting to cpanel from long time like nginx support, dropbox backup support are major things

photo
2

Last time I checked (quite a few years ago) Plesk stored all passwords in plain text in their database. I'm not sure we want to follow their security model.


Plesk also stores e-mails outside user accounts which makes it easier to provide such functionality while making it not as good as cPanel in some ways too.


From our point of view it's not just a matter of limiting cPanel's interface, a website only user mustn't be able to access the mail directory.

photo
photo
1

We are looking into solving this by having a seperate server for e-mails. This way our customers can give access to the website management without allowing their webmaster access to their e-mails, or a webmaster can give access to his customers to manage their e-mail addresses without them being able to access the hosting.


If I were cPanel I think I would solve this by creating two cPanel users, if they were to allow the creation of a website only account and an e-mail only account on the same serveur it would solve the problem.


Admin user has a WHM accoun that can access both e-mail and website account. We will soon have this working by using seperate servers, the only issue that will remain is allowing an admin user access to both accounts as they will be on different serveurs. We plan to leverage cPanel's API to achieve this.

photo
3

As a general observation, I don't think anyone here is saying they consider this to be an overly simple or straightforward item to implement. It is simply that not having it somewhere on the roadmap is frustrating. For instance I just don't see how you can have serious conversations about OpenID logins, pluggable auth, two factor authentication, per-user customized PHP configurations while at the same time we have no supported method for deploying access control lists for what multiple users can do within an account space. Cpanel; We're seriously glad you are adding in-dash turn assist to this car, but... we desperately could use door locks. After all, OS user-permission abstraction isn't completely impossible - or resellers wouldn't exist.


Btw, @Monarobase, thats an inventive solution! And excellent points about the security ramifications as well. :D

photo
7

Good morning, all. We are currently investigating both UI and Security based concepts for "sub-users" of cPanel. As we make progress, we will be sharing wireframes and such to gain feedback from you all. Also, if you happen to be attending the cPanel Conference in September, I will likely be running around getting feedback on my iPad!


I just wanted to introduce myself and let you know that we are in the investigation phase of this work. Thanks, everyone!

photo
1

*Deleted Comment* - Reason: Incorrect post.

photo
photo
2

Glad to see this is In Progress now!

photo
2

Good morning! For all of you interested in participating, we will be opening up a user testing session in the next week or so in order for you to have feedback on the upcoming designs we are planning from a User Experience and Process Flow perspective. If you would like to participate, please let me know by filling out the following Google Form: User Testing Sign-Up


For those of you who have already sent me an email, I have already added you to the list. Thank you!

photo
1

Me wants! :)

photo
1

I'm game for that, Chip! Sign me up! Do you need any info?

photo
1

Me wants! :)

photo
1

You have mail!

photo
1

Emailed

photo
1

Sent, Thank you for let me participate

photo
1

i am interested

photo
1

Can I suggest using a way other than the comments to request participation in things like this? Maybe a notice at the top of the page?


When I comment on feature requests I also subscribe to them to keep up-to-date on any changes.


So far I have received 7 notifications of people saying "me" and "emailed", and I'm sure there will be many more posted as well.


So now I either have to keep getting e-mail notices to my phone all day, or unsubscribe from this feature request and miss any actual updates that will get posted here.


Don't get me wrong, it's great that you involve members of the cPanel community in testing out new features. I just don't think in the comments, where there is a risk of a user getting a LOT of email notices, is the best place to do it.


Just my thoughts.

photo
2

Thanks for your feedback, sherwin_flight. I have now made this into a sign-up form with Google Forms. It should cut down on the "noise". Sadly, our feedback forum does not have an easy way to solicit feedback except via a comment message. I hope the form will calm down the notices!


I encourage you to sign up for the User Testing as well: User Testing Sign-Up

photo
1

No worries, just thought I'd mention it for the future. I have signed up, and look forward to seeing what's in the works.


Thanks :)

photo
1

The next thing I'd like to see is digest mode for cPanel's new/current feature request system. We get 1 email each time someone posts. It is excessive. Weekly digests would be nice. Our only other option is to unsubscribe from hot topics, and though we do it, it's not the most desired course of action. We want to participate but not flood our inboxes with an email every time some on says 'oh, me too!'


Yes I should make my own feature requeat, but I am demonstrating the point.

photo
1

What I have seen other forums do is a notice that says something like "There are new replies to a thread you are subscribed to" when there is a new reply to the forum, but you only get one notification. You need to visit the forum, and read the new posts to that topic, before you'd get another notification about posts to that topic.


That way, if someone checks the forum often they'd get the email notifications frequently, but if they wanted to wait a week or whatever to check the forum they wouldn't get another notification for that topic until I real the replies that were already there.


Not sure if that makes sense or not.

photo
1

sure am game!!!

photo
1

sure am game!!!

photo
1

Oh, good point. Multiple emails on each double post is equally annoying.

photo
1

I just emailed you all with a new update.

photo
photo
1

Will multiple logins be one of the features you'll be testing?

photo
2

The first wave of testing will be User Experience for User/Account Management. We want feedback on the way in which we are designing the solution, since it is at the core of the problem. Our second wave will revolve around the "Sub-User" concept and access restriction in cPanel itself.

photo
photo
1

Some fantastic information today at the CPanel blog - anyone who is interested in this feature request should probably take a look:


User Manager and Unified Logins

http://blog.cpanel.com/user-manager-v54/

photo
1

There doesn't seem to be a user manager interface in X3?

photo
1

Check out this blog post https://blog.cpanel.com/its-time-to-say-goodbye-to-x3/

New features will be paperlantern only starting with cPanel 54.

Because of issues with tranlations being different (making it diffiuclt to support customers not knowing what theme they had) and because of new features not being planned in x3 as well as x3 being removed in cPanel 58, we made the move last week to enforce paperlantern. We first switched all x3 users to paperlantern then disabled theme switching.


We havn't had any complaints so far and have had a few customers who hadn't noticed it say how nice it looks. We will be making a custom theme when paperlantern gets to the stage where it doesn't evolve so much.

photo
2

This feature is mainly required for giving the control panel to web developers. They need only access to ftp, filemanager, database and phpmyadmin. The owner dont want to give full access to developers. Currently sub account for ftp is available. This login should be extended to cpanel with access to atleast filemanager, database and phpmyadmin.

photo
1

That is correct. I may want my designer to have access to the file manager but not to the databases or email accounts. I bet this feature should have some UI similar to the one used for the Features Manager for Hosting Packages that you can see at WHM level.

photo
photo
1

I agree, I don't know why access to databases was not one of the options. We can manyally give a developper access to an ftp account, but not access to PHPMyAdmin without giving them access to the e-mail accounts.

photo
1

Multiple Cpanel Logins is needed to manage multiple development teams who need access to the Cpanel.

photo
1

I don't understand why an account admin can't be allowed to grant others access to cPanel with separate credentials and modified roles. It seems like this should be easy to implement. In the main cPanel account, have a user roles page. Create users with passwords of their own then grant them access much like the database priviledges. Be able to turn FTP, SQL, Email, Spam, Files, etc. on and off with a yes/no toggle button. This would allow business owners to have employees manage certain areas of their domain without creating security risks. When this topic first came out, I assumed this was what they were going to develop. What is in place now does not do anything beneficial for my clients.

photo
1

We are actively working towards a solution that will utilize a Feature Manager style permissions grid, allowing the granting of access to individual features within cPanel. Sadly, the process of granting access is not as simple as it may seem. cPanel Accounts are actually Linux system user, utilizing the built in system authentication to then load permissions and execute functions as the cPanel Account on the system. For example, when you log in to cPanel and add an FTP account, your cPanel Account is actually utilizing the system user executing the proper system commands to add the new user and grand them rights to the file system. With subaccounts, we are having to build a new authentication layer which will authenticate against non-system users, grant permissions first inherited from the primary cPanel Account then augmented by the permissions granted to the subaccount. Next, we must allow for the execution of the actions to be done by the cPanel Account at the system level, but logging must be modified to identify the true source of the change.


As I said, this is not as simple as it sounds on the surface. But we are excited to be well on our way to getting this feature implemented.

photo
1

I could not agree more Jeff. This is what I was also expecting; effectively the same as what I can do with any reasonable Content Management System or Forum Software. Odd that items hosted on the server seem to be a better user/permissions management task than the very control panel that helped me install them!

photo
1

So Chip, we can expect the sort of system similar to what, say, Joomla has to offer? How will this link in (or even replace) the current user manager feature or is it seperate?

photo
1

I can see a new .subbaccounts folder in the root directory of each cpanel user. Do this has something to do with this feature ?

photo
3

User Manager will be updated to include the ability to give Feature access to Subaccounts. The .subaccounts folder is used for storing the Subaccount data, and is the first step towards consolidating accounts and permissions.

photo
2

This cannot come soon enough - absolutely fantastic to see actual elements beginning to land, no matter how foundational. :D

photo
photo
1

I develop and host websites. Recently one client asked to have access to cPanel. Then he decided to "taste" things and deleted an FTP account but also checking 'delete home folder' option. The whole site was destroyed in a click...


Really good to know I will be able to let my clients admin their e-mail accounts but not have access to more technical features.

photo
1

That does raise an important question about how file rights will be managed...


For example, if the file manager is just a checkbox all-or-nothing setup, then anyone can go in there and delete everything, from public_html and mail down to a full wipe.


I wonder how rights/access to do file operations inside the file browser would be managed. Would I be able to select an area(s) where people get access to, like I can specify with FTP? Can I choose whether they can open, delete, upload, download, move?


Hmmmm....

photo
2

The first stages of this access will be granted by feature. For example, access to the File Manager will be either enabled or disabled. Our goal is to then begin adding permissions based access for certain folders and files, as you described. The presents a new set of challenges, which I am sure you are aware of. Please stay tuned as we make progress in this area, as we will likely be reaching out as we get development branches ready for testing in real-world scenarios.

photo
1

Probably a stupid question however I assume one could give someone an FTP account without giving them access to the FTP cPanel area? That would be a "way around" until such as we described would be applied for file manager.


Would the same thing apply for something like FTP too? For example would I be able to specify if someone can create, delete, edit FTP accounts? What about email addresses? Domains/zones? Would it be all or nothing or could I specify what operations and/or which accounts that user would be able to do things with?

photo
photo
1

I know there are many use cases, but the one in my face right now is that I wish to be able to offer site owners access via cPanel to backup functionality (create and download), and nothing else. The reason for this is that there have been a few recent examples where web/hosting companies have shut down, leaving their clients without ftp access to their sites, or backups. So even if clients don't have ftp access, it would be reassuring for them to know that they can, at a minimum, create and access a full on-demand backup of their site.

photo
1

What is the ETA of this, its needed, a permissioning system is essential. This is especially true for client access, we have managed WordPress installs and ideally we want to give only specific access to clients for what they only need access to, but not root access like what the top level account creator would have. Please add this A.S.A.P it is a much needed feature.

photo
1

Hello cPanel-ers! As I understood it, this was possibly in the pipes for the v. 58 release - since dev is now winding down, did this feature make the cut? :D

photo
3

As no cPanel dev/community members ever weighed in with progress notes respective to 58 (sad face), I wanted to post a recent update from their blog for any folks here who may not be an active follower of cPanel's other communication outlets.

The 'Subusers' feature is now slated for items cPanel "hope to include this year". I would like to note that the 'Subusers' feature is also listed distinct from the elements they are touting for version 60 - so that would seem to suggest a chance it may be in release 62 or even later. But progress is being made!

More information is available at: https://blog.cpanel.com/development-update-cpanel-whm-version-58-is-coming-and-starting-version-60/

photo
2

Thank you John for sharing this update, and thanks to you and Scott for pointing out to me that we'd missed updating you all!

photo
photo
1

Hello, am I correct in understanding that existing functionality in cPanel 56 doesn't allow any of the initial request ?


I presumed before I tested it that I would create a user allowed to manage e-mail accounts. I created a new user for a customer to do this and all it seems to have done is create an e-mail account and hasn't created a subuser that can manage e-mail accounts.


I presume if I give this user FTP access it will just create a FTP user with the same login and the same with Web Disk.


Can you please confirm that cPanel has understood that the request here is to create users than can create and manage e-mail accounts, ftp accounts, mysql databases etc ? And isn't just a way of having the same password accross a single e-mail, ftp and webdisk account ?


I understand the initial version isn't complete, but I did think that the e-mail part of the request had been completed and it sadly doesn't seem to be the case yet.

photo
3

This feature is still in development and no portion is available for public use at this time. We are making overhauls to relevant subsystems, such as email, FTP, and Web Disk, in order to facilitate the creation of "sub-users". The creation of a user that has permissions to login to cPanel and perform actions will not be available until we complete the necessary changes to these subsystems. I apologize if there has been any confusion concerning the timing of this. As the topic indicates, this item is still "in progress". We are anticipating a release with v62 of cPanel.

photo
1

When will "v62" be released, when do you estimate?

photo
1

We're currently aiming for 3-4 month build cycles, We don't have an estimated time of completion for 62 yet, but we're aiming at 60 in 2-3 months. That would put 62 toward the end of 2016, or early 2017.

photo
1

Just had a client request this feature from us in a ticket - thanks for the recent update Benny was able to refer the client here :)

photo
photo
2

Hey everyone! Breaking radio silence here for a moment to let you know that this has been pushed off to version 64. The team that was working on this with cPanelChipW has been working on internal improvements and hasn't been able to get back to this yet. They are just as excited to be done with the internal work and get back to this as you are, and as soon as they can I'll make sure everyone know!

photo
4

The team that was working on this was not able to get to it in version 64, and won't be able to work on this for version 66 either. It seems like the earliest we will see this feature released is in version 68, which would be released around the end of September or beginning of October. It's still on the list of things we want to be able to do this year! I'll be back if anything changes, or if we're able to get to it any sooner!

photo
1

Hey all. I regret to have to bring bad news! We have had to shelve this request for now. It's still something we very much want to do, but other things have taken a priority over this. If you have questions or would like to provide further insight, feel free to send me an email!

photo
4

Hey all! I have a flurry of questions about this feature request so I wanted to let you know: It's still on our list of 'features we want to get to', but it's not yet assigned a version. As soon as we have anything solid, I'll be back to let you know!