Enabling Power User UI
The power user interface combines the simplicity of Parallels Small Business Panel and powerful hosting management features of Parallels Plesk Panel product line. It is intended for users who do not need functions for reselling shared hosting services and accommodating new resellers and customers:
* There is no hierarchy of user accounts specific to shared hosting: no resellers, no customers.
* There are no service plans, subscriptions, and limits on amounts of resources consumed by websites.
To enable the power user mode through the Panel command line:
On Linux systems, issue the command:
/usr/local/psa/bin/poweruser –on -ip [ip-address>] -domain [domain_name>]
where
* [ip-address] is the IP address allocated to the administrator’s default webspace.
This option is required in case there are no subscriptions belonging to admin.
* [domain_name] is the name of the default webspace and the main website in this webspace. If the -domain option is not specified, the server host name will be used. The option makes sense only when used together with -ip.
Reference: http://parallels.com/
Adding new User buddy to the wheel group
The wheel group is a group which limits the number of people who are able to su to root. This usually consists of a group named “wheel” and a set of users that are permitted to use the utility ’su’ in order to change to root.
Many systems, especially either commercial systems or Linux systems, come without wheel groups configured and implemented. At least one Linux distribution, comes with wheel groups preconfigured but not active. However, all or nearly all BSD based systems will come with the wheel group installed and set up.
Adding new user “buddy” to the wheel group in order to allow it to gain root access, with *NO* root privileges. That means that this user will be able to log into the server, but won’t be able to perform any root tasks until the user switches to the root user.
Once you are in SSH, you have to type the below command, the user buddy should already exist.
#/usr/sbin/usermod –G wheel buddy
Before proceeding, re-login to your server using the “buddy” account. At the SSH prompt, type “su” followed by the Enter key, and then enter in the root password. If you were successful, you should be at a root prompt:
To confirm that you are root, at the SSH prompt type the command whoami , which should display your root account.
Add user to sudoers list
sudoers - list of which users may execute what.
Login as root and then run the command visudo, add a line. Replace username to the actual user name.
/etc/sudoers - This file MUST be edited with the ‘visudo’ command as root.
To add all user in wheel group to sudoers list, login as root and then run the command visudo to uncomment the line below, or add this line is it not exist.
Adding SPF records for a user via SSH in Cpanel servers
SPF (Sender Policy Framework): A feature that allows a recipient server to verify that an email message has really been sent from the domain specified in the From: field. Enabling SPF can prevent your server from receiving replies to spam that has forged your domain name as part of the sender’s address. SPF only works if both the sending and receiving mail servers have SPF enabled.
Login to your cpanel server as root user.
/usr/local/cpanel/bin/spf_installer USERNAME
Disabling SSH Login for root user
Below are instructions for disabling the root user and allowing another user to assume the root users permissions. This adds another layer of security because an additional username and password must now be entered before gaining the root user privileges.
Before you disable root logins you should add an administrative user that can ssh into the server and become root with su.
In the following example we are using buddy for the username, but can be replaced with any username you wish to use.
root@dell:~# useradd buddy
root@dell:~# id buddy
uid=1005(buddy) gid=1007(buddy) groups=1007(buddy)
Set the password for the buddy user. When prompted type and then retype the password.
root@dell:~# passwd buddy
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
SSH to the server with the new admin user and ensure that the login works.
Verify that you can su (switch user) to root with the admin user.
buddy@dell:/$ su
Password:
root@dell:/# whoami
root
Edit /etc/ssh/sshd_config with your favorite text editor.
Change this line:
to this:
Ensure that you are logged into the box with another shell before restarting sshd to avoid locking yourself out of the server.
# /etc/init.d/sshd restart
