The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Subdomain Document Root

Discussion in 'Security' started by Lezarwerks, Mar 9, 2009.

  1. Lezarwerks

    Lezarwerks Member

    Joined:
    Oct 15, 2006
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    I used to be able to set the Document Root when creating Subdomains to [H]/blah123, but now it forces /public_html/ (or [H]/public_html/blah123) no matter what. How can I get it to stop forcing the public_html to the document root? What's the point of even having the [H] icon with a big blank field of ______________ if you aren't supposed to do anything below /public_html/?

    I want to organize my subdomains in /subdomains/<subdomain>/ rather than /public_html/<subdomain>/, because then you can access that subdomain by going to domain.com/<subdomain> AND <subdomain>.domain.com, when I -only- want <subdomain>.domain.com.
     
  2. ChrisRHS

    ChrisRHS Well-Known Member

    Joined:
    Jul 12, 2006
    Messages:
    292
    Likes Received:
    5
    Trophy Points:
    18
    Not sure about this one, however, try checking the option in WHM / Tweak Settings / Prevent users from creating subdomains outside of their public_html directory.
     
  3. Lezarwerks

    Lezarwerks Member

    Joined:
    Oct 15, 2006
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    Are there any security vulnerabilities enabling that? Is it possible to screw/mess up operating system files through this? What can possibly be done by enabling this that would endanger the server, cPanel, other user accounts, etc?
     
  4. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,458
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    The Tweak Setting ChrisRHS mentioned will actually prevent creation of document roots like /home/user/subdomains/whatever, thus forcing all document roots to be in /home/user/public_html. What he possibly meant was to examine your Tweak Settings page to determine whether that tweak setting is enabled ( checked ). If it is enabled ( checked ), disable it.
     
  5. Lezarwerks

    Lezarwerks Member

    Joined:
    Oct 15, 2006
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    Yeah I know. I got it disabled after he made that post -- but I'm wanting to know if there would be any potential harm in allowing users/customers to be able to put subdomain document roots in places other than the usual ~/public_html/ ?

    By the way, thanks to both of you. :D That was what I was looking for.
     
  6. neorder

    neorder Well-Known Member

    Joined:
    Jun 16, 2003
    Messages:
    55
    Likes Received:
    0
    Trophy Points:
    6
    So I want know if there would be any potential harm?
     
  7. paulkoan

    paulkoan Well-Known Member

    Joined:
    Nov 24, 2006
    Messages:
    80
    Likes Received:
    0
    Trophy Points:
    6
    What are the security considerations when permitting the creation of document roots outside of public_html?
     
Loading...

Share This Page