cPanel Design

[xous]

Hi,

I've been working as a system administrator for about two years now and I've got to say cPanel has made my job bit easier in some areas but made some things that should be extremely simple a real pain.

I'm trying to offer my thoughts as constructive criticism so cPanel gets better so please don't just delete this thread out of hand.

My first question is about the primary domain design. I just can't figure out why you insist on adding a sub-domain off the primary domain for each add-on domain. Why?

My second complaint is about input validation. If you are going to use the folder name as the sub-domain for an add-on domain PLEASE insure that the folder name is a valid DNS label. As far as I know you are using perl so this should be a simple regex one liner.

Third: PLEASE, PLEASE, PLEASE do your checks BEFORE you start diving in and modifying everything only to find out the operation fails and have to revert all the changes. This almost always results in an admin having to muck around in 99% undocumented configuration files to fix the issue or open a ticket with you guys to get you to fix it.

Adopt a decent structure for storing vhost information:

What is wrong with ~/vhosts/<vhostname>/{mail,www,logs}

Four: Verbose error messages when something does go wrong. e.g. Can't add a new parked domain because there is an existing DNS zone file in /var/named? Say So! If you don't do this for security reasons put it in the cPanel log file.

Five: We need Password complexity requirements. Since you don't use pam for ftp authentication, mail auth, etc these need to be implemented in cPanel.

Six: Please read http://www.pathname.com/fhs/pub/fhs-2.3.html and stop storing configuration and logs in /usr

[xous]

No comments at all?

[cpanelnick]

No comments at all?

It would probably be best if you opened a support ticket @ https://tickets.cpanel.net/submit/ as these fourms are not an official means of support. It is likely that you have nobody has responded to your post because it is not possible to address all of your concerns with much more information.

However you may wish to check out this area in WHM:

Main >> Security >> Security Center >> Password Strength Configuration

Also make sure you are using the x3 theme and not one of the older themes.

[cpanelkenneth]

My first question is about the primary domain design. I just can't figure out why you insist on adding a sub-domain off the primary domain for each add-on domain. Why?

Legacy reasons. This will change at some future date, but for now it remains in place. At one point we treated httpd.conf as a definitive datastore for certain account information. Providing a addon -> subdomain mapping was one way to perform an accurate lookup of ownership. We've since moved away from using httpd.conf like that.

My second complaint is about input validation. If you are going to use the folder name as the sub-domain for an add-on domain PLEASE insure that the folder name is a valid DNS label. As far as I know you are using perl so this should be a simple regex one liner.

Are you using the X3 theme? In X3, you have to set a separate Folder name from the Subdomain. The folder name is not used for the Zone, but the Subdomain name is. Also (testing in 11.24) invalid DNS characters are prevented from use. Do you have specific characters that should be blocked but aren't?

Third: PLEASE, PLEASE, PLEASE do your checks BEFORE you start diving in and modifying everything only to find out the operation fails and have to revert all the changes. This almost always results in an admin having to muck around in 99% undocumented configuration files to fix the issue or open a ticket with you guys to get you to fix it.

Specific examples are more useful than general complaints. Please itemize the problems you are experiencing.

Four: Verbose error messages when something does go wrong. e.g. Can't add a new parked domain because there is an existing DNS zone file in /var/named? Say So! If you don't do this for security reasons put it in the cPanel log file.

Noted. Thank you.

Five: We need Password complexity requirements. Since you don't use pam for ftp authentication, mail auth, etc these need to be implemented in cPanel.

Some complexity requirements can be set using the Password Strength Configuration tool in Security Center within WHM. Have you examined them?

[xous]

Second and third might have been left over from cPanel 10.X. I'll see if I can still duplicate the behavior and open a ticket.

However you may wish to check out this area in WHM:

Main >> Security >> Security Center >> Password Strength Configuration

This looks like what I need.

I will open a ticket for the remaining comments.

[cpanelkenneth]

Second and third might have been left over from cPanel 10.X. I'll see if I can still duplicate the behavior and open a ticket.



This looks like what I need.

I will open a ticket for the remaining comments.

Thank you for doing that.