Multiple accounts sharing same public_html, without security issues?

cEMa

Member
Mar 15, 2016
6
3
3
TN
cPanel Access Level
DataCenter Provider
For some reason it wouldn't let me edit, so here's the revised version making my intentions clearer.

Hey everyone,

I have a project ahead of me and need to figure out the capabilities of cPanel in these regards; perhaps it'll be a fun intellectual exercise for Michael, InfoPro and other CP staff and users ;)

[[email protected] ~]# grep '' /etc/redhat-release /usr/local/cpanel/version /var/cpanel/envtype ; grep CPANEL= /etc/cpupdate.conf
/etc/redhat-release:CloudLinux release 7.6 (Vladimir Lyakhov)
/usr/local/cpanel/version:11.70.0.62
/var/cpanel/envtype:xen hvm
CPANEL=11.70


I have a proprietary SAAS CMS web application that I'm attempting to deploy for each of our users via cPanel. Think of it as a softaculous type deploy-able setup, except it modifyies the document root and makes it so the users can't access any of the data unless it's through our CMS web app.

Overview:
  1. This SAAS CMS web application runs as a monolithic site, comprised of files only under public_html and a single database. So nothing complex going on there..
  2. Each account needs read/write access to the shared set of public_html files and database.
  3. Each account cannot have direct access to the shared files / database. (i.e. disable web related UI, SSH etc.) I don't want them seeing the proprietary data.
  4. Each account must retain the typical cPanel access to DNS, Email, etc. Essentially everything not webfile/database related.
  5. If possible, make the solution so that other "regular users" aren't adversely affected.
  6. If possible, make it user run in their own environment (cagefs/run pid as per user)

How do you suggest I go about this?

I've contemplated:
  • Perhaps creating an Apache include with the necessary variables and simply hiding access via features. (wishful thinking?)
  • Copying the proprietary files under every users directory, and leave the database attached to the parent domain. (maintenance headache and security concerns)
  • Combine everyone's thoughts together and create automated system of hook(s) / master of puppets that runs behind the scenes making constant edits and service restarts & reloads. (last resort)
Any insight would be greatly appreciated, thanks!
 
Last edited by a moderator:

cPanelMichael

Technical Support Community Manager
Staff member
Apr 11, 2011
47,911
2,234
363
cPanel Access Level
DataCenter Provider
Twitter
Hi @cEMa,

My initial thought is that Git is the ideal solution for this project if you are open to making some slight modifications to your plan. Check out our guide to using Git at:

Guide to Git - cPanel Knowledge Base - cPanel Documentation

Let me know if this looks like it may work for this project, or if you have any questions about how it would work.

Thank you.
 

cEMa

Member
Mar 15, 2016
6
3
3
TN
cPanel Access Level
DataCenter Provider
@cPanelMichael Thanks for the reply.

I must not have articulated my question correctly. See the attached images illustrating what I'm trying to accomplish.

Our CMS software is already deployed and running in a non-cpanel environment (for 10+ years now). What I'm trying to figure out is, how to make it work properly using cPanel.

I'm trying to figure out how to make it so all the cpanel accounts paying for our CMS software have filesystem access to the same files, but without letting the client (humans) have access to our proprietary code; all whilst having each site running as it's own user so CloudLinux LVE can ensure server stability.
 

Attachments

Last edited:

cEMa

Member
Mar 15, 2016
6
3
3
TN
cPanel Access Level
DataCenter Provider
The "Upload a File" button should work just fine for .jpg files. If it doesn't for you, can you tell me if you get any sort of messge when it fails?
Thanks, @Infopro whatever you looked at fixed the problem. I've edited and attached the two images to my previous reply. Feel free to take a quick peek at those pics to see what I'm trying to accomplish. You might have an obvious/immediate solution. Cheers!
 
  • Like
Reactions: Infopro

cPanelMichael

Technical Support Community Manager
Staff member
Apr 11, 2011
47,911
2,234
363
cPanel Access Level
DataCenter Provider
Twitter
Hi @cEMa,

1. While it would involve a significant change to your existing setup, a git-based approach is way to go in my opinion. There's definitely a learning curve, but the end result is that you'd have a more secure and seamless way to distribute a single set of files across multiple accounts. The following blog post offers some more information:

Git Version Control series: What is Git? | cPanel Blog

2. As far as the proprietary code, have you considered encoding it using a solution such as Zend Guard?

Thank you.