symbolic links between cPanel accounts

internetbug256

• September 11, 2016 08:38

Hello. I am facing this problem every time I have to run Easyapache, or migrate to a new hardware, which is not the case (both). We have a legacy tool that uses a repository of files and they must be shared (just for read access) between more than 2 cpanel accounts, while one of the account must have also create/write permissions. With Centos 6.x and Apache 2.2 I succeded by following these rules (sorry if they are redundant or contradictory - they were defined along the years-): - chmod a+x /home/[cpanel_account]/public_html. This must be run on every Apache recompile (using command line or by running Easy Apache from WHM). - chmod g+w /home/[cpanel_account]/public_html, so shared dirs must be writable by the group. - Symbolic links will give a permission denied message if one or more directories in the linked path are not world executable. ALSO, the physical directory must be OWNED by the account that symlinks to with WRITE purposes. - You have to add the user to the apache group: usermod -a -G apache new_user - Finally, the owner fo the shared directory has to be Apache: chgrp apache shared_dir So now, after migrated to Centos 7.x and lastest stable Apache offered by cPanel configuration, I cannot make the symlinks to work for all accounts. Always for only one. No luck. Worst of all, my cooking recipy is now wrong since it seems that the apache group dissapeared. So any of you guys has faced the same problem? Is PHP suExec guilty, or is any workaround posssible to bypass these security controls? SElinux is disabled. This is a totally closed cPanel installation. No hosting client will open any cpanel account. All cpanel/whm management is made by internal IT people.

• 

  cPanelMichael

  • September 20, 2016 19:59

  Hello, Could you let us know the PHP handler you are using? You can find this information with the following command:
  /usr/local/cpanel/bin/rebuild_phpconf --current
  Thank you.

  0
• 

  internetbug256

  • September 20, 2016 22:38

  Hi Michael I managed to find the solution. It was about unchecking the SymLinksIfOwnerMatch option from WHM, in Apache Configuration / Global settings. That, added to the rule that "if one account need write permission to a symlink dir, then it must own that directory", made my solution. In my case, I need only one account with read/write permissions, while all the rest need only read permissions. Answering your specific question: [root@web ~]# /usr/local/cpanel/bin/rebuild_phpconf --current Available handlers: suphp dso cgi none DEFAULT PHP: 5 PHP4 SAPI: none PHP5 SAPI: suphp SUEXEC: enabled RUID2: not installed Thank you!

  0
• 

  cPanelMichael

  • September 21, 2016 12:39

  Hello, I'm happy to see you were able to address the issue. Thank you for updating us with the outcome.

  0
• 

  Don D.

  • November 18, 2016 19:09

  Hi Guys, This is exactly what I needed to do and I am having troubles, would you please walk me thru this as I don't have much experience with linux, WHM and cpanel. What I try to accomplish: I have two Magento stores sharing exactly everything from data bases to back admin (which run under Magento). The only different is their domain and their IP address for SSL purpose. I have 1 store is up and running right now under user1 account in my WHM, I am adding 2nd store under user 2 account in WHM. In user 2 public_html, I need to add a bunch of symlinks to public_html folder in user 1 account, along with 1 index.php and 1 .htaccess files. Visitor will visit 2nd store and see that index php, then follow the symlink to the first account and Magento handling the rest from there using resources from first account. What I have tried so far: I followed Internetbug256 down to each code: chmod a+x /home/user1/public_html chmod a+x /home/user2/public_html chmod g+w /home/user1/public_html usermod -a -G apache user1 usermod -a -G apache user2 chgrp apache /home/user1/public_html I unchecked SymLinksIfOwnerMatch option Restarted apache The problem: I created a symlink: ln -s /home/user1/public_html/app /home/user2/public_html/app The folder created but nothing inside it. I know it is a symbolic link, but when clicking on it, you suppose to see what in that folder from user1 account right? My set up: Dedicated server Centos 7/apache WHM/cpanel This server right now only have 2 above account and will not have anything else later, I read a lot about this option and many commented the security breach of this option. I am aware of it and really want to go on with it. Please help me! I am greatly appreciated! Don

  0
• 

  Don D.

  • November 19, 2016 22:10

  So far I managed to get exactly what I wanted above... with a few minor changes where the group name is different (after I figured out the original post used apache as example group name! :) ) My problem now is when loading store 1, it is fine but when loading store 2, I have that CORS problem! Because obviously the skin images/css are running from store 1 url, making it mismatching in the head! I have tried adding: Header set Access-Control-Allow-Origin "*" to the .htaccess files of both store, but still not working Would you please offer some help on this? Thanks so much in advance!

  0
• 

  cPanelMichael

  • November 21, 2016 18:03

  The only different is their domain and their IP address for SSL purpose.

  
  Hello, Have you considered simply making the second domain name an addon domain name with the same document root? This would ensure both domain names load the exact same content, and the AutoSSL feature would assign SSL certificates to both domain names: Addon Domains - Documentation - cPanel Documentation Manage AutoSSL - Documentation - cPanel Documentation Thank you.

  0

Please sign in to leave a comment.