Change VestaCP user permissions
-
amirkhonov
- Posts: 3
- Joined: Fri Aug 14, 2015 3:28 pm
Change VestaCP user permissions
Hello!
How can I disable user's permission to able to change account package from user account?
How can I disable user's permission to able to change account package from user account?
Re: Change VestaCP user permissions
Em... what do you exactly want to do? ;-)amirkhonov wrote:Hello!
How can I disable user's permission to able to change account package from user account?
Permission -> console command chmod
Code: Select all
chmod -R 755 /home/user/web/domain.com/public_html/ Code: Select all
chown -R user:user /home/user/web/domain.com/public_html/ -
amirkhonov
- Posts: 3
- Joined: Fri Aug 14, 2015 3:28 pm
Re: Change VestaCP user permissions
No, from web interface users can change their package in user settings. I want to disable that.
Re: Change VestaCP user permissions
They can't really change anything. But, yeah, they see other packages.amirkhonov wrote:No, from web interface users can change their package in user settings. I want to disable that.
You can change templates for user -> /usr/local/vesta/web/templates/user/
Re: Change VestaCP user permissions
If I can, I wish to continue this subject, and add some input.
If we remove the select option portion of the form within edit_user.html like, Package or SSH Access will this effect anything excluding the obvious package conflict where ssh option cant be selected if a user package had the option available, I just think for security purposes Package, and SSH Access select options shouldn't even be shown to a user period.
So as impatient as I am, I went ahead and changed the package options php code & deleted the <select><option></option></select> parts.
Basically now the user will see under Package: Just the package they were assigned. this will keep any test packages or admin packages names a secret.
Lets do a test run.....
template:
create a backup default user template if you screw it up. always backup!!!!
Now I have created couple of options you can choose what you like the best, but I prefer option #1.
OPTION #1 - only the user assigned package will show, no other options will show even if there was another.
OPTION #2 - input text field disabled.
OPTION #3 - Text Only, but it may cause error on submit so a hidden field is needed here to set the default chosen package.
================
Thoughts.
Option #1 would be the best choice as it still uses the select form but only shows the package in option field so all other packages are not visible, for all the customer knows that's it.
Option #2 well that being just a input field disabled though can be re-enabled in console, so that one wouldn't be the safest but it works all the same as an example.
Option #3 - Text with hidden input, better than option two as the text can be changed to say something using if statements.
----------------------------------///
Okay.
For the SSH select portion Im still thinking about that one, but in general it should be fine to do the same. If a user needs access, grant it on a user by user by time frame for security. Leaving it open = risk
Any code suggestions would be great. The code above is suffice.
Jon
If we remove the select option portion of the form within edit_user.html like, Package or SSH Access will this effect anything excluding the obvious package conflict where ssh option cant be selected if a user package had the option available, I just think for security purposes Package, and SSH Access select options shouldn't even be shown to a user period.
So as impatient as I am, I went ahead and changed the package options php code & deleted the <select><option></option></select> parts.
Basically now the user will see under Package: Just the package they were assigned. this will keep any test packages or admin packages names a secret.
Lets do a test run.....
template:
Code: Select all
/usr/local/vesta/web/templates/user
edit_user.htmlCode: Select all
cp edit_user.html edit_user.html.templateOPTION #1 - only the user assigned package will show, no other options will show even if there was another.
Code: Select all
<select class="vst-list" name="v_package" disabled>
<?php
foreach ($packages as $key => $value) {
$skey = "'".$key."'";
if (( $key == $v_package ) || ( $skey == $v_package)){
echo "\n\t\t\t\t\t\t\t\t\t<option value=\"".htmlentities($key)."\"";
echo 'selected' ;
echo ">".htmlentities($key)."</option>\n";
}
}
?>
</select>
Code: Select all
<?php
foreach ($packages as $key => $value) {
$skey = "'".$key."'";
if (( $key == $v_package ) || ( $skey == $v_package)){
echo '<input type="text" size="20" class="vst-input" name="v_package" value="'.htmlentities($key).'" disabled>';
}
}
?>
Code: Select all
<?php
foreach ($packages as $key => $value) {
$skey = "'".$key."'";
if (( $key == $v_package ) || ( $skey == $v_package)){
echo $key;
echo '<input type="hidden" size="20" class="vst-input" name="v_package" value="'.htmlentities($key).'" disabled>';
}
}
?>
Thoughts.
Option #1 would be the best choice as it still uses the select form but only shows the package in option field so all other packages are not visible, for all the customer knows that's it.
Option #2 well that being just a input field disabled though can be re-enabled in console, so that one wouldn't be the safest but it works all the same as an example.
Option #3 - Text with hidden input, better than option two as the text can be changed to say something using if statements.
----------------------------------///
Okay.
For the SSH select portion Im still thinking about that one, but in general it should be fine to do the same. If a user needs access, grant it on a user by user by time frame for security. Leaving it open = risk
Any code suggestions would be great. The code above is suffice.
Jon