Vesta Control Panel - Forum

Community Forum
http://forum.vestacp.com/

Change VestaCP user permissions

http://forum.vestacp.com/viewtopic.php?f=10&t=9065

Page 1 of 1

Change VestaCP user permissions

Posted: Fri Aug 14, 2015 3:38 pm
by amirkhonov
Hello!
How can I disable user's permission to able to change account package from user account?

Re: Change VestaCP user permissions

Posted: Fri Aug 14, 2015 3:54 pm
by skurudo
amirkhonov wrote:Hello!
How can I disable user's permission to able to change account package from user account?
Em... what do you exactly want to do? ;-)

Permission -> console command chmod

Code: Select all

chmod -R 755 /home/user/web/domain.com/public_html/
Ownership -> console command chown

Code: Select all

chown -R user:user /home/user/web/domain.com/public_html/
If you want change package for user, then edit your user and your can rebuild this user.

Re: Change VestaCP user permissions

Posted: Fri Aug 14, 2015 4:19 pm
by amirkhonov
No, from web interface users can change their package in user settings. I want to disable that.

Re: Change VestaCP user permissions

Posted: Fri Aug 14, 2015 6:14 pm
by skurudo
amirkhonov wrote:No, from web interface users can change their package in user settings. I want to disable that.
They can't really change anything. But, yeah, they see other packages.
You can change templates for user -> /usr/local/vesta/web/templates/user/

Re: Change VestaCP user permissions

Posted: Wed Sep 09, 2015 11:07 pm
by jonn
If I can, I wish to continue this subject, and add some input.

If we remove the select option portion of the form within edit_user.html like, Package or SSH Access will this effect anything excluding the obvious package conflict where ssh option cant be selected if a user package had the option available, I just think for security purposes Package, and SSH Access select options shouldn't even be shown to a user period.

So as impatient as I am, I went ahead and changed the package options php code & deleted the <select><option></option></select> parts.

Basically now the user will see under Package: Just the package they were assigned. this will keep any test packages or admin packages names a secret.

Lets do a test run.....

template:

Code: Select all

/usr/local/vesta/web/templates/user
edit_user.html
create a backup default user template if you screw it up. always backup!!!!

Code: Select all

cp edit_user.html edit_user.html.template
Now I have created couple of options you can choose what you like the best, but I prefer option #1.

OPTION #1 - only the user assigned package will show, no other options will show even if there was another.

Code: Select all

                                  <select class="vst-list" name="v_package" disabled>
                                        <?php
                                            foreach ($packages as $key => $value) {
                                                $skey = "'".$key."'";
                                                if (( $key == $v_package ) || ( $skey == $v_package)){
                                                echo "\n\t\t\t\t\t\t\t\t\t<option value=\"".htmlentities($key)."\"";
                                                echo 'selected' ;
                                                echo ">".htmlentities($key)."</option>\n";
                                                }
                                            }
                                        ?>
                                    </select>
OPTION #2 - input text field disabled.

Code: Select all

									    <?php
                                            foreach ($packages as $key => $value) {
                                                $skey = "'".$key."'";
                                                if (( $key == $v_package ) || ( $skey == $v_package)){
                                                echo '<input type="text" size="20" class="vst-input" name="v_package" value="'.htmlentities($key).'" disabled>';
                                                }
                                            }
                                        ?>
OPTION #3 - Text Only, but it may cause error on submit so a hidden field is needed here to set the default chosen package.

Code: Select all

									    <?php
                                            foreach ($packages as $key => $value) {
                                                $skey = "'".$key."'";
                                                if (( $key == $v_package ) || ( $skey == $v_package)){
                                                echo $key;
                                                echo '<input type="hidden" size="20" class="vst-input" name="v_package" value="'.htmlentities($key).'" disabled>';
                                                }
                                            }
                                        ?>
================

Thoughts.

Option #1 would be the best choice as it still uses the select form but only shows the package in option field so all other packages are not visible, for all the customer knows that's it.

Option #2 well that being just a input field disabled though can be re-enabled in console, so that one wouldn't be the safest but it works all the same as an example.

Option #3 - Text with hidden input, better than option two as the text can be changed to say something using if statements.

----------------------------------///

Okay.

For the SSH select portion Im still thinking about that one, but in general it should be fine to do the same. If a user needs access, grant it on a user by user by time frame for security. Leaving it open = risk

Any code suggestions would be great. The code above is suffice.


Jon
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/