Our features site is undergoing a refresh! Be sure to explore the revamped site and discover our latest product roadmap launching here on Monday, March 18th.
New Topic
cPanel & WHM Feature RequestsTopicSecurity
Properties
Category Security
Tags Root Password, change root password

Require current password to change root password

benny@cpanel.net shared this idea 8 years ago
Open Discussion

As a System Administrator I would like the WHM "Change Root Password" interface to require the current root password before allowing authenticated users to change the root password, to prevent users who have gained access without using the root password from being allowed to change my root password.


2264d78e5109f0fd9cd95d2fecfa2029

9 I like this idea 1  

Replies (2)

photo
1
Mike 8 years ago

Makes sense. The user could have been logged into WHM via other means e.g. single sign on and shouldn't be able to change the root password for the system.

Reply
photo
1
Larry 8 years ago

Logically, this does make sense but anyone with root access to WHM is likely to have root access via SSH key or the password itself, and thus can still change the root password without verification.


Via the command line under root, you can change the password without confirmation of the existing password. Trust would be the key factor to whom has access, and therefore I think it's best to just have a separate account (e.g. a "Reseller") to distribute tech access to for your L1 / L2 techs.


WHM should function similarly to how the console would function under a root user since it does after all execute root commands.

Reply
photo
1
benny@cpanel.net 8 years ago

Based on the situation that triggered this request from the user, I'd say it's more likely a situation in which someone has gain root-level access to WHM through a means that didn't require entering the password (an existing session, SSO, etc). There are arguably ways around it (SSH keys and such), but the request is still legitimate, I think.

Thanks for your input, for sure. I've adjusted the original text of the request to more accurately describe the trigger of the request.

photo
1
Karl Austin 8 years ago

There are a few scenarios:


1) Already covered, SSO etc.


2) User leaves their machine unlocked, but logged in, someone changes the root password.


3) Imagine you've got a customer you trust for full WHM, but don't want to have root server access (as there's too much they can break/install). They don't have the root details, just a reseller with full WHM. They can't SSH in as root, they can't grant root SSH to themselves from WHM (We have the servers pretty well locked down). 99% of their staff no not to touch the "Change root password", but one is a bit overzealous and changes it when another member of staff leaves (even though they never had the original root), they then lose the record of this password. Now imagine something has broken on the server and you need to fix it, you go to log in to find you can't get to root any more (we don't have un-privileged users with sudo access, we prefer a two step to root) and the customer has no record of the password - At best it means getting the client to give you their WHM password (if they've not lost that as well!), at worst it means in the middle of the night you're getting people out of bed for it.

photo
Leave a Comment
 
Attach a file

cPanel, WebHost Manager and WHM are registered trademarks of cPanel, L.L.C. for providing its computer software that facilitates the management and configuration of Internet web servers.