For some reason it wouldn't let me edit, so here's the revised version making my intentions clearer.
Hey everyone,
I have a project ahead of me and need to figure out the capabilities of cPanel in these regards; perhaps it'll be a fun intellectual exercise for Michael, InfoPro and other CP staff and users
I have a proprietary SAAS CMS web application that I'm attempting to deploy for each of our users via cPanel. Think of it as a softaculous type deploy-able setup, except it modifyies the document root and makes it so the users can't access any of the data unless it's through our CMS web app.
Overview:
How do you suggest I go about this?
I've contemplated:
Hey everyone,
I have a project ahead of me and need to figure out the capabilities of cPanel in these regards; perhaps it'll be a fun intellectual exercise for Michael, InfoPro and other CP staff and users
[[email protected] ~]# grep '' /etc/redhat-release /usr/local/cpanel/version /var/cpanel/envtype ; grep CPANEL= /etc/cpupdate.conf
/etc/redhat-release:CloudLinux release 7.6 (Vladimir Lyakhov)
/usr/local/cpanel/version:11.70.0.62
/var/cpanel/envtype:xen hvm
CPANEL=11.70
/etc/redhat-release:CloudLinux release 7.6 (Vladimir Lyakhov)
/usr/local/cpanel/version:11.70.0.62
/var/cpanel/envtype:xen hvm
CPANEL=11.70
I have a proprietary SAAS CMS web application that I'm attempting to deploy for each of our users via cPanel. Think of it as a softaculous type deploy-able setup, except it modifyies the document root and makes it so the users can't access any of the data unless it's through our CMS web app.
Overview:
- This SAAS CMS web application runs as a monolithic site, comprised of files only under public_html and a single database. So nothing complex going on there..
- Each account needs read/write access to the shared set of public_html files and database.
- Each account cannot have direct access to the shared files / database. (i.e. disable web related UI, SSH etc.) I don't want them seeing the proprietary data.
- Each account must retain the typical cPanel access to DNS, Email, etc. Essentially everything not webfile/database related.
- If possible, make the solution so that other "regular users" aren't adversely affected.
- If possible, make it user run in their own environment (cagefs/run pid as per user)
How do you suggest I go about this?
I've contemplated:
- Perhaps creating an Apache include with the necessary variables and simply hiding access via features. (wishful thinking?)
- Copying the proprietary files under every users directory, and leave the database attached to the parent domain. (maintenance headache and security concerns)
- Combine everyone's thoughts together and create automated system of hook(s) / master of puppets that runs behind the scenes making constant edits and service restarts & reloads. (last resort)
Last edited by a moderator:
