Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Multiple accounts sharing same public_html, without security issues?

Discussion in 'Security' started by cEMa, Jan 7, 2019.

  1. cEMa

    cEMa Member

    Joined:
    Mar 15, 2016
    Messages:
    6
    Likes Received:
    3
    Trophy Points:
    3
    Location:
    TN
    cPanel Access Level:
    DataCenter Provider
    For some reason it wouldn't let me edit, so here's the revised version making my intentions clearer.

    Hey everyone,

    I have a project ahead of me and need to figure out the capabilities of cPanel in these regards; perhaps it'll be a fun intellectual exercise for Michael, InfoPro and other CP staff and users ;)

    [root@whmcf01 ~]# grep '' /etc/redhat-release /usr/local/cpanel/version /var/cpanel/envtype ; grep CPANEL= /etc/cpupdate.conf
    /etc/redhat-release:CloudLinux release 7.6 (Vladimir Lyakhov)
    /usr/local/cpanel/version:11.70.0.62
    /var/cpanel/envtype:xen hvm
    CPANEL=11.70


    I have a proprietary SAAS CMS web application that I'm attempting to deploy for each of our users via cPanel. Think of it as a softaculous type deploy-able setup, except it modifyies the document root and makes it so the users can't access any of the data unless it's through our CMS web app.

    Overview:
    1. This SAAS CMS web application runs as a monolithic site, comprised of files only under public_html and a single database. So nothing complex going on there..
    2. Each account needs read/write access to the shared set of public_html files and database.
    3. Each account cannot have direct access to the shared files / database. (i.e. disable web related UI, SSH etc.) I don't want them seeing the proprietary data.
    4. Each account must retain the typical cPanel access to DNS, Email, etc. Essentially everything not webfile/database related.
    5. If possible, make the solution so that other "regular users" aren't adversely affected.
    6. If possible, make it user run in their own environment (cagefs/run pid as per user)

    How do you suggest I go about this?

    I've contemplated:
    • Perhaps creating an Apache include with the necessary variables and simply hiding access via features. (wishful thinking?)
    • Copying the proprietary files under every users directory, and leave the database attached to the parent domain. (maintenance headache and security concerns)
    • Combine everyone's thoughts together and create automated system of hook(s) / master of puppets that runs behind the scenes making constant edits and service restarts & reloads. (last resort)
    Any insight would be greatly appreciated, thanks!
     
    #1 cEMa, Jan 7, 2019
    Last edited by a moderator: Jan 7, 2019
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,272
    Likes Received:
    2,154
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hi @cEMa,

    My initial thought is that Git is the ideal solution for this project if you are open to making some slight modifications to your plan. Check out our guide to using Git at:

    Guide to Git - cPanel Knowledge Base - cPanel Documentation

    Let me know if this looks like it may work for this project, or if you have any questions about how it would work.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. cEMa

    cEMa Member

    Joined:
    Mar 15, 2016
    Messages:
    6
    Likes Received:
    3
    Trophy Points:
    3
    Location:
    TN
    cPanel Access Level:
    DataCenter Provider
    @cPanelMichael Thanks for the reply.

    I must not have articulated my question correctly. See the attached images illustrating what I'm trying to accomplish.

    Our CMS software is already deployed and running in a non-cpanel environment (for 10+ years now). What I'm trying to figure out is, how to make it work properly using cPanel.

    I'm trying to figure out how to make it so all the cpanel accounts paying for our CMS software have filesystem access to the same files, but without letting the client (humans) have access to our proprietary code; all whilst having each site running as it's own user so CloudLinux LVE can ensure server stability.
     

    Attached Files:

    #3 cEMa, Jan 9, 2019
    Last edited: Jan 9, 2019
  4. Infopro

    Infopro cPanel Sr. Product Evangelist Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,877
    Likes Received:
    482
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    The "Upload a File" button should work just fine for .jpg files. If it doesn't for you, can you tell me if you get any sort of messge when it fails?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    cEMa likes this.
  5. cEMa

    cEMa Member

    Joined:
    Mar 15, 2016
    Messages:
    6
    Likes Received:
    3
    Trophy Points:
    3
    Location:
    TN
    cPanel Access Level:
    DataCenter Provider
    Thanks, @Infopro whatever you looked at fixed the problem. I've edited and attached the two images to my previous reply. Feel free to take a quick peek at those pics to see what I'm trying to accomplish. You might have an obvious/immediate solution. Cheers!
     
    Infopro likes this.
  6. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,272
    Likes Received:
    2,154
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hi @cEMa,

    1. While it would involve a significant change to your existing setup, a git-based approach is way to go in my opinion. There's definitely a learning curve, but the end result is that you'd have a more secure and seamless way to distribute a single set of files across multiple accounts. The following blog post offers some more information:

    Git Version Control series: What is Git? | cPanel Blog

    2. As far as the proprietary code, have you considered encoding it using a solution such as Zend Guard?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice