Control Web Panel
WebPanel => CentOS-WebPanel GUI => Topic started by: piotrunioczko on March 10, 2016, 11:31:26 AM
-
Hi.
Is it possible to create user which will have the same privileges on CWP like root?
For security reasons I need to change ssh port and nobody need to know root password.
With ssh the problem doesn't exists because users can be in sudoers group and they have their own password.
The problem is when I need to login into CWP via web browser as root. I wouldn't like to use root account. I would like to login into CWP via browser with personal account with root privileges.
Actually other users outside root have privileges to their own home directory and can change settings in defined package scope.
Can You explain me dependencies between users inCWP SQL database (root_cwp) and users in linux configuration (etc/passwd)?
Is it possible to manually change privileges of standard user account created via browser.
Thank You.
-
contact support for custom request
-
cwp has this very simple it uses users and password from linux files
etc/passwd
etc/shadow
you can change ssh port, but as you only have one root user and in cwp you will have only one user with root privileges.
Unfortunately additional users like root are not possible without custom cwp version modifications.
-
Will it be added in new version?
-
let me explain... if you have to root users both users can access root directory i.e. why it will be a useless function in cwp
-
I don't need to have two users which will have privileges to root directory.
I need to create other account in CWP which will have the same privileges as root account. Now if you create user in CWP the user will have privileges only to their own directory and just few functions in CWP, but I need to create other user which will have access to all directories and all functions in CWP.
For security reasons is good practise to turn off root user in Linux, and create users in sudoers group.
-
Yep, you can create a user and using sudoers file, but without the CWP.
-
Thanks for the answer but this isn't good solution. Of course You will have account in sudoers group but You still can't login into this account in CWP login page.
Maybe I explain one more time.
In CWP there is one root account now with login root which corresponds with root account in Linux. This account has privileges to all home directories of other users and all configuration functions in CWP.
If I create account in CWP I will have user account which can do something in his own home directory (f.e. /home/peter) and has just few default functions in CWP.
If I manually disable root account for security reasons in Linux I will have no access to CWP login page. So I need to create account like root (but with other username) which will have the same privileges like root.
Now it's not possible or I don't know how to override this?
-
Bump...
I have the exact same issue. I love CWP and want to use it on a personal web server at work, but my server admin doesn't like having a root user hanging out where it could be hacked.
Has anything happened with this since mid-2016?
-
I concur with the potential risks of having a root login exposed to the web but also reckon that it might be messy/difficult to implement a safe/secure SUDO login.
However, I was thinking that perhaps a 2-Step Verification (TOTP) implementation would nicely mitigate the attack surface. That would be a nice incentive to make a donation to CWP.
-
I pledge a USD 100 donation for implementing 2-Step Verification (TOTP) with CWP (if feasible to extend to other logins such as SQL)