
Plesk 10.4.4 can't limit reseller permissions

cmaxwell

Regular Pleskian
Hi all,

When we create a Reseller Plan and set permissions such as "Management of access to the server over SSH" to "Not allowed", when the reseller logs in they can create service plans with any permissions they choose. In other words, the permissions that we set for the reseller have no effect when they create their own plans.

For example, a reseller can create a service plan and allow SSH access for their customers even when the "Management of access to the server over SSH" option was disallowed for the reseller. This is a significant security risk as they can allow even non-chrooted SSH access to the server.

I have tested and confirmed this on a couple of Plesk 10.4.4 servers and both produce the same results.

Does anyone have any suggestions, or am I missing something obvious?

Thanks,
Chris
 
Just found the section in the documentation that explains this:

"Service plans define potential services, the Panel does not check if a service or a resource that a service plan should provide is actually available, whether in the system in general, or in your reseller subscription. For example, when creating a plan, you can select to allow subscribers SSH access to a server shell when your subscription does not provide the Management of access to the server over SSH privilege. In such case, the Panel will let you do it and will show no error or warning messages.

Subscriptions provide actual resources and services, which are allocated during creation of each subscription."

While this makes sense, I still find it rather counter-intuitive as it could give a reseller the impression that they can indeed use these resources when they actually can't.
 