The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

symbolic links between cPanel accounts

Discussion in 'General Discussion' started by internetbug256, Sep 11, 2016.

  1. internetbug256

    Joined:
    Jul 11, 2012
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hello.
    I am facing this problem every time I have to run Easyapache, or migrate to a new hardware, which is not the case (both).
    We have a legacy tool that uses a repository of files and they must be shared (just for read access) between more than 2 cpanel accounts, while one of the account must have also create/write permissions.
    With Centos 6.x and Apache 2.2 I succeded by following these rules (sorry if they are redundant or contradictory - they were defined along the years-):

    - chmod a+x /home/[cpanel_account]/public_html. This must be run on every Apache recompile (using command line or by running Easy Apache from WHM).
    - chmod g+w /home/[cpanel_account]/public_html, so shared dirs must be writable by the group.
    - Symbolic links will give a permission denied message if one or more directories in the linked path are not world executable. ALSO, the physical directory must be OWNED by the account that symlinks to with WRITE purposes.
    - You have to add the user to the apache group: usermod -a -G apache new_user
    - Finally, the owner fo the shared directory has to be Apache: chgrp apache shared_dir

    So now, after migrated to Centos 7.x and lastest stable Apache offered by cPanel configuration, I cannot make the symlinks to work for all accounts. Always for only one. No luck.
    Worst of all, my cooking recipy is now wrong since it seems that the apache group dissapeared.

    So any of you guys has faced the same problem? Is PHP suExec guilty, or is any workaround posssible to bypass these security controls? SElinux is disabled.

    This is a totally closed cPanel installation. No hosting client will open any cpanel account. All cpanel/whm management is made by internal IT people.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,674
    Likes Received:
    646
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    Could you let us know the PHP handler you are using? You can find this information with the following command:

    Code:
    /usr/local/cpanel/bin/rebuild_phpconf --current
    Thank you.
     
  3. internetbug256

    Joined:
    Jul 11, 2012
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi Michael
    I managed to find the solution.
    It was about unchecking the SymLinksIfOwnerMatch option from
    WHM, in Apache Configuration / Global settings.
    That, added to the rule that "if one account need write permission to a symlink dir, then it must own that directory", made my solution.
    In my case, I need only one account with read/write permissions, while all the rest need only read permissions.

    Answering your specific question:

    [root@web ~]# /usr/local/cpanel/bin/rebuild_phpconf --current
    Available handlers: suphp dso cgi none
    DEFAULT PHP: 5
    PHP4 SAPI: none
    PHP5 SAPI: suphp
    SUEXEC: enabled
    RUID2: not installed


    Thank you!
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,674
    Likes Received:
    646
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  5. Don D.

    Don D. Registered

    Joined:
    Nov 18, 2016
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    California
    cPanel Access Level:
    Website Owner
    Hi Guys,

    This is exactly what I needed to do and I am having troubles, would you please walk me thru this as I don't have much experience with linux, WHM and cpanel.

    What I try to accomplish:

    I have two Magento stores sharing exactly everything from data bases to back admin (which run under Magento). The only different is their domain and their IP address for SSL purpose. I have 1 store is up and running right now under user1 account in my WHM, I am adding 2nd store under user 2 account in WHM. In user 2 public_html, I need to add a bunch of symlinks to public_html folder in user 1 account, along with 1 index.php and 1 .htaccess files. Visitor will visit 2nd store and see that index php, then follow the symlink to the first account and Magento handling the rest from there using resources from first account.

    What I have tried so far:

    I followed Internetbug256 down to each code:

    chmod a+x /home/user1/public_html
    chmod a+x /home/user2/public_html

    chmod g+w /home/user1/public_html

    usermod -a -G apache user1
    usermod -a -G apache user2

    chgrp apache /home/user1/public_html

    I unchecked SymLinksIfOwnerMatch option

    Restarted apache

    The problem:

    I created a symlink: ln -s /home/user1/public_html/app /home/user2/public_html/app
    The folder created but nothing inside it. I know it is a symbolic link, but when clicking on it, you suppose to see what in that folder from user1 account right?

    My set up:

    Dedicated server
    Centos 7/apache
    WHM/cpanel
    This server right now only have 2 above account and will not have anything else later, I read a lot about this option and many commented the security breach of this option. I am aware of it and really want to go on with it.

    Please help me! I am greatly appreciated!

    Don
     
  6. Don D.

    Don D. Registered

    Joined:
    Nov 18, 2016
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    California
    cPanel Access Level:
    Website Owner
    So far I managed to get exactly what I wanted above... with a few minor changes where the group name is different (after I figured out the original post used apache as example group name! :) )

    My problem now is when loading store 1, it is fine but when loading store 2, I have that CORS problem! Because obviously the skin images/css are running from store 1 url, making it mismatching in the head!

    I have tried adding:

    Header set Access-Control-Allow-Origin "*"

    to the .htaccess files of both store, but still not working

    Would you please offer some help on this?

    Thanks so much in advance!
     
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,674
    Likes Received:
    646
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page