Symptoms
A reseller with Disk and/or Bandwidth limits are able to create an account with these settings set to unlimited. The account will be assigned to the default package and ignore the actual package settings.
Description
If a reseller is granted the Account Modification edit-account
privilege, this allows them to create accounts without specifying a package. This causes the newly created account to be set to the default package but with unlimited values for disk/bandwidth, regardless of the package settings.
Workaround
The Account Modification edit-account
privilege is listed under the Superuser category. If a reseller should be restricted to resource limits we advise against providing them Superuser level privileges. Instead, if you wish for your resellers to be able to modify their account settings you should grant them the ability to edit packages or upgrade an account to a new package. These privileges are controlled by the ACL options "Upgrade/Downgrade Accounts upgrade-account", "Add/Remove Packages add-pkg", and "Edit Packages edit-pkg"
Comments
1 comment
Update: We would like to thank you for your interest in this article/case and encourage your submissions as they are valuable to the ever-expanding development of cPanel & WHM. At this time, this particular issue has not been selected for action from our Development Team, as it may require more development resources than we can allot, or alters the direction cPanel envisions for the product. Submissions persist in our Issue Tracking System in the event the impact of the related issue grows or product direction changes. If you feel that this defect requires direct action, we strongly encourage you to submit a Feature Request to allow the cPanel Community to vote and support your cause.
Thank you again for helping us make cPanel & WHM the hosting platform of choice.
Article is closed for comments.