Programmatic passwd files

Operating System & Version
CENTOS 7.9
cPanel & WHM Version
98.0.9
coursevector

coursevector

Well-Known Member
Feb 23, 2015
162
28
68
cPanel Access Level
Root Administrator
I want to generate password protected directories automatically as we migrate away from manually created password protected passwords in cPanel. I see that cPanel creates the files in /.htpasswds/public_html/EXAMPLE_DIR. PHP doesn't have proper permissions to edit this file and still have Apache run the file as it needs to run as the 'nobody' user and the PHP script isn't in the same permissions group. Which makes sense, so what I tried doing was to create/migrate the passwd file to /public_html/EXAMPLE_DIR , Then update the .htaccess in /EXAMPLE_DIR to point to the new passwd file (now renamed .htpasswd). Except that if I visit the Directory Privacy screen again, it will undo all my work and revert everything somehow. I'm not even sure where it's storing this information that's its recovering these files from.

Since I don't know enough of what cPanel is doing to stop it from meddling, what would be the best way to accomplish this? These directories are using BASIC AUTH as a simple means of login (it's an old site) and I'd like to automate this some. How do I create these programmatically without cPanel screwing it up?
 
Last edited by a moderator:
coursevector

coursevector

Well-Known Member
Feb 23, 2015
162
28
68
cPanel Access Level
Root Administrator
From what i can tell, it's doing the opposite of what i'm trying to do. If i create a folder with an .htaccess and .htpasswd file, it will automatically convert it to use the .htpasswds folder above public_html. Would something like this work then:

1. PHP creates a folder with a .htaccess and .htpasswd file when it 'Adds' a member. Then it will be valid until cPanel sees it. Once it sees it, it migrates it to the .htpasswds folder where it still works.
2. If PHP needs to update the password, it can recreate an .htaccess and .htpasswd in the same directory which will effectively change the password. THen if cpanel sees it, it will migrate the files again.
3. If someone wants to update the password via cpanel, as soon as they open up Directory Privacy, it will trigger the migration and then they can change the password and it will still apply properly.

So at this point I'm thinking as long as I assume cpanel will migrate it eventually I can just overwrite the .htaccess and .htpasswd where PHP has permissions and if they move it should still work properly. Is that probably the best way to work around this? Or is there a better way?
 
cPRex

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
14,260
2,221
363
cPanel Access Level
Root Administrator
Hey hey! I think that's the best plan, so I would try playing with that method a bit. I checked things on my end just now and I couldn't come up with any other solution that was better, so I'd give that a shot and go from there.

You could also submit a feature request to see if we could change the behavior on our end.
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
W SOLVED api token passwd problem Developer Experience 5
D passwdpop() function strength rating Developer Experience 1
C programmatically create a mySQL database Developer Experience 4
D Programmatic Bulk Deletion Developer Experience 1
O PHP Script generating forwarders programmatically Developer Experience 2
Similar threads
SOLVED api token passwd problem
passwdpop() function strength rating
programmatically create a mySQL database
Programmatic Bulk Deletion
PHP Script generating forwarders programmatically
Top Bottom