Author Topic: [SECURITY] Disable root login, change system user privileges  (Read 5223 times)

[SECURITY] Disable root login, change system user privileges
« on: March 10, 2016, 11:31:26 AM »
Hi.

Is it possible to create a user which will have the same privileges on CWP as root?
For security reasons I need to change the ssh port, and nobody needs to know the root password.
With ssh the problem doesn't exist because users can be in the sudoers group and they have their own passwords.

The problem is when I need to log in to CWP via web browser as root. I wouldn't like to use the root account. I would like to log in to CWP via browser with a personal account with root privileges.

Actually, other users other than root have privileges to their own home directory and can change settings in the defined package scope.

Can you explain to me the dependencies between users in the CWP SQL database (root_cwp) and users in the Linux configuration (etc/passwd)?

Is it possible to manually change the privileges of a standard user account created via browser?

Thank you.
« Last Edit: March 10, 2016, 11:33:44 AM by piotrunioczko »

Re: [SECURITY] Disable root login, change system user privileges
« Reply #1 on: March 12, 2016, 03:35:57 AM »
contact support for custom request

Re: [SECURITY] Disable root login, change system user privileges
« Reply #2 on: March 14, 2016, 12:32:13 AM »
CWP has this very simple: it uses users and passwords from Linux files

etc/passwd
etc/shadow

You can change the ssh port, but as you only have one root user, in CWP you will have only one user with root privileges.
Unfortunately additional users like root are not possible without custom CWP version modifications.

Re: [SECURITY] Disable root login, change system user privileges
« Reply #3 on: March 14, 2016, 10:05:59 AM »
Will it be added in new version?

Re: [SECURITY] Disable root login, change system user privileges
« Reply #4 on: March 21, 2016, 04:58:27 PM »
Let me explain... if you have two root users, both users can access the root directory, i.e. why it will be a useless function in CWP.

Re: [SECURITY] Disable root login, change system user privileges
« Reply #5 on: March 22, 2016, 02:39:13 PM »
I don't need to have two users which will have privileges to the root directory.

I need to create another account in CWP which will have the same privileges as the root account. Now if you create a user in CWP, the user will have privileges only to their own directory and just a few functions in CWP, but I need to create another user which will have access to all directories and all functions in CWP.

For security reasons it is good practice to turn off the root user in Linux and create users in the sudoers group.

Re: [SECURITY] Disable root login, change system user privileges
« Reply #6 on: March 22, 2016, 03:22:56 PM »
Yep, you can create a user and use the sudoers file, but without CWP.

Re: [SECURITY] Disable root login, change system user privileges
« Reply #7 on: March 25, 2016, 04:33:36 PM »
Thanks for the answer, but this isn't a good solution. Of course you will have an account in the sudoers group, but you still can't log in to this account on the CWP login page.

Maybe I should explain one more time.

In CWP there is one root account now, with login root, which corresponds to the root account in Linux. This account has privileges to all home directories of other users and all configuration functions in CWP.

If I create an account in CWP I will have a user account which can do something in its own home directory (e.g. /home/peter) and has just a few default functions in CWP.

If I manually disable the root account for security reasons in Linux I will have no access to the CWP login page. So I need to create an account like root (but with another username) which will have the same privileges as root.

Is this not possible now, or do I not know how to override this?
« Last Edit: March 25, 2016, 04:46:18 PM by piotrunioczko »
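
Added example (not part of any post in this thread, and not CWP code): a read-only shell check of the account files named in Reply #2 and of sshd_config, reporting which accounts have UID 0, whether root's password is locked, who is in the sudo group and what sshd is told about root logins. The sample files, the `toor` and `peter` entries and the use of `wheel` as the sudo-enabled group are constructed assumptions.

```shell
#!/bin/sh
# Added example; every sample entry below is constructed.

# Accounts with UID 0 in passwd-format file $1; any name besides root is a
# second superuser.
uid0_accounts() {
  awk -F: '$3 == 0 { out = (out == "" ? $1 : out " " $1) } END { print out }' "$1"
}

# Password state of user $2 in shadow-format file $1.
password_state() {
  awk -F: -v u="$2" '$1 == u {
    if ($2 == "") print "empty"
    else if ($2 ~ /^[!*]/) print "locked"
    else print "password-set"
  }' "$1"
}

# Members of group $2 in group-format file $1.
group_members() {
  awk -F: -v g="$2" '$1 == g { print $4 }' "$1"
}

# First value of keyword $2 in sshd_config-format file $1. For most keywords
# sshd keeps the first value it reads (Port may be listed more than once);
# Match blocks and Include files are not evaluated here.
sshd_setting() {
  awk -v k="$2" 'BEGIN { k = tolower(k); v = "unset" }
    !seen && tolower($1) == k { v = $2; seen = 1 }
    END { print v }' "$1"
}

# Constructed stand-ins for /etc/passwd, /etc/shadow, /etc/group, sshd_config.
SAMPLE=$(mktemp -d)
trap 'rm -rf "$SAMPLE"' EXIT
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
  'toor:x:0:0:spare admin:/root:/bin/bash' \
  'peter:x:1000:1000::/home/peter:/bin/bash' > "$SAMPLE/passwd"
printf '%s\n' 'root:!!:16870:0:99999:7:::' \
  'peter:$6$constructed$notarealhash:16870:0:99999:7:::' > "$SAMPLE/shadow"
printf '%s\n' 'root:x:0:' 'wheel:x:10:peter' > "$SAMPLE/group"
printf '%s\n' '#Port 22' 'Port 2222' 'PermitRootLogin no' \
  'PermitRootLogin yes' > "$SAMPLE/sshd_config"

echo "UID 0 accounts:       $(uid0_accounts "$SAMPLE/passwd")"
echo "root password:        $(password_state "$SAMPLE/shadow" root)"
echo "wheel members:        $(group_members "$SAMPLE/group" wheel)"
echo "sshd Port:            $(sshd_setting "$SAMPLE/sshd_config" Port)"
echo "sshd PermitRootLogin: $(sshd_setting "$SAMPLE/sshd_config" PermitRootLogin)"
```

Pointed at the real files, the shadow check needs root to read /etc/shadow. `sshd -T` prints the effective sshd configuration, defaults included, which this parser does not resolve.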

Re: [SECURITY] Disable root login, change system user privileges
« Reply #8 on: November 15, 2017, 09:22:10 PM »
Bump...

I have the exact same issue.  I love CWP and want to use it on a personal web server at work, but my server admin doesn't like having a root user hanging out where it could be hacked.

Has anything happened with this since mid-2016?

Re: [SECURITY] Disable root login, change system user privileges
« Reply #9 on: January 23, 2018, 12:44:29 PM »
I concur with the potential risks of having a root login exposed to the web but also reckon that it might be messy/difficult to implement a safe/secure SUDO login.

However, I was thinking that perhaps a 2-Step Verification (TOTP) implementation would nicely mitigate the attack surface. That would be a nice incentive to make a donation to CWP.
« Last Edit: January 23, 2018, 12:47:49 PM by n8v8r »

Re: [SECURITY] Disable root login, change system user privileges
« Reply #10 on: January 25, 2018, 02:47:51 PM »
I pledge a USD 100 donation for implementing 2-Step Verification (TOTP) with CWP (if feasible to extend to other logins such as SQL)