The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

cPanel Security Question

Discussion in 'Security' started by mteigers, Jul 10, 2011.

  1. mteigers

    mteigers Member

    Jul 10, 2011
    Likes Received:
    Trophy Points:
    I'm running into an odd issue, I'm battling with security or efficiency... ideally I'd love to have both. Here's my situation:

    I'm working on creating a new type of hosting company, only with this hosting my team builds and hosts everything for the client, we don't even give them access to cPanel we just host it for them. Not going into specifics.

    Here's my problem - these sites are hosted as subdomains of one of our domains and every site is basically going to be exactly the same (think CMS) besides their content. Additionally we're compiling some of their data into a mass searchable database and are trying to create a framework that let's us update all of our clients at the same time. We're running on a dedicated server and are/were planning on giving a separate cPanel account to each of these accounts for maximum security (And organization).

    So the question - with separate cPanel accounts the accounts can't access the PHP of the main account so it throws the global framework out the window. I can query the main database just fine but can't do PHP... I can edit my server and open up the ability to run server wide PHP scripts but that's obviously really stupid and not secure. For something like this would it be smarter to just keep all of our clients under the same main cPanel account and just keep adding folders to public_html for their subdomains or is there a way to use separate cPanel accounts yet still have a global framework?

    Thanks in advanced.
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Oct 2, 2010
    Likes Received:
    Trophy Points:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator

    You would still be able to keep the subdomains separated on the same account. Rather than putting the subdomains into public_html, the subdomains could instead be put into /home/username/subdomain location and then you would need to have this WHM > Tweak Settings set to off:

    If this is off, then subdomains can be created in /home/username, which would allow you to separate the accounts outside of public_html folder into the user folder but still run scripts on the user's account. While this doesn't create entirely separate accounts, you would still be able to keep them more logically separated from the main account.

    Additionally, you can create FTP accounts for each subdomain that will point to just that directory (/home/username/subdomain) and only allow access to it.


Share This Page