The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

open_basedi and userdir problem

Discussion in 'General Discussion' started by soulmaster, Apr 13, 2009.

  1. soulmaster

    soulmaster Active Member

    Joined:
    Mar 27, 2007
    Messages:
    25
    Likes Received:
    0
    Trophy Points:
    1
    hello
    i'm here to ask for help

    on enabled mod_userdir, open_basedir restrictions not affects, if user goes to http://ip/~user.
    in this case phpsuxec restrictions also not affects, because URL-s like http://ip/~user apache executs as user nobody, which have read permissions on all public_html directories

    so,if this some misconfiguration issue ?
    or is there any other posibility to give the users access to their sites, with disabled mod_userdir ?

    thaks in advance
     
  2. tuxicans

    tuxicans Active Member

    Joined:
    Oct 16, 2008
    Messages:
    38
    Likes Received:
    0
    Trophy Points:
    6
    Please make sure "default host" is excluded from userdir protection,
    and use the URL in the format http://hostname/~user

    See if that works.
     
  3. soulmaster

    soulmaster Active Member

    Joined:
    Mar 27, 2007
    Messages:
    25
    Likes Received:
    0
    Trophy Points:
    1
    it does not matter if it's hostname or ip
    if user goes to http://hostname/~user, open_basedir restrictions not affects
     
  4. okeith

    okeith Member
    PartnerNOC

    Joined:
    Jan 5, 2005
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Hi everyone,
    It seems to me that this issue is not resolved,
    does anyone have any further suggestions?

    soulmaster - did you find any solution to this?
     
  5. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Is there any particular reason your users must go to IP/~user to access their website rather than the domain set up on their cPanel account? Usually this is only used if the customer has an existing domain they are transferring to your server since the DNS propagation can take a couple of days. This is not often used as a permanent solution.
     
  6. okeith

    okeith Member
    PartnerNOC

    Joined:
    Jan 5, 2005
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Thanks for the quick reply David,

    It sounds like you're saying the userdir feature is unusable,
    or how can it be used in a temporary capacity in the manner
    you mentioned, if it cannot be left enabled on the server
    given the implications? Also, what about shared SSL?
     
  7. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    The userdir feature of Apache has its drawbacks, hence we have the option in WHM's Security center to disable userdir (called: enabling mod_userdir protection). The main issue is that whatever user has the domain or IP portion of IP/~username will have all bandwidth used by /~username added to their account. This means one user can "steal" another user's bandwidth.

    Also, PHP running as CGI (including FastCGI and SuPHP) will not run scripts within /~username as the username after ~, as one may think it would.

    You mention you're using phpSuExec. You may want to update to SuPHP since we haven't supported phpSuExec for a while.

    It is good practice to have users access their domain using example.com (where example.com represents their domain) rather than somethingelse/~username. However, it is common to allow /~username in instances where DNS propagation issues exist and for shared SSL certificates.

    Using the mod_userdir protection screen in WHM's Security Center, you can enable/disable this protection on a per-user basis.

    Enabling protection = no ability to access via /~username
    Disabling protection = ability to access via /~username

    If you are using shared SSL certificates, I recommend only disabling the protection for users that are using these shared SSL certificates and for users whose DNS has not yet propagated.
     
Loading...

Share This Page