symbolic links between cPanel accounts

Jul 11, 2012
12
1
3
cPanel Access Level
Root Administrator
Hello.
I am facing this problem every time I have to run Easyapache, or migrate to a new hardware, which is not the case (both).
We have a legacy tool that uses a repository of files and they must be shared (just for read access) between more than 2 cpanel accounts, while one of the account must have also create/write permissions.
With Centos 6.x and Apache 2.2 I succeded by following these rules (sorry if they are redundant or contradictory - they were defined along the years-):

- chmod a+x /home/[cpanel_account]/public_html. This must be run on every Apache recompile (using command line or by running Easy Apache from WHM).
- chmod g+w /home/[cpanel_account]/public_html, so shared dirs must be writable by the group.
- Symbolic links will give a permission denied message if one or more directories in the linked path are not world executable. ALSO, the physical directory must be OWNED by the account that symlinks to with WRITE purposes.
- You have to add the user to the apache group: usermod -a -G apache new_user
- Finally, the owner fo the shared directory has to be Apache: chgrp apache shared_dir

So now, after migrated to Centos 7.x and lastest stable Apache offered by cPanel configuration, I cannot make the symlinks to work for all accounts. Always for only one. No luck.
Worst of all, my cooking recipy is now wrong since it seems that the apache group dissapeared.

So any of you guys has faced the same problem? Is PHP suExec guilty, or is any workaround posssible to bypass these security controls? SElinux is disabled.

This is a totally closed cPanel installation. No hosting client will open any cpanel account. All cpanel/whm management is made by internal IT people.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,243
463
Hello,

Could you let us know the PHP handler you are using? You can find this information with the following command:

Code:
/usr/local/cpanel/bin/rebuild_phpconf --current
Thank you.
 
Jul 11, 2012
12
1
3
cPanel Access Level
Root Administrator
Hi Michael
I managed to find the solution.
It was about unchecking the SymLinksIfOwnerMatch option from
WHM, in Apache Configuration / Global settings.
That, added to the rule that "if one account need write permission to a symlink dir, then it must own that directory", made my solution.
In my case, I need only one account with read/write permissions, while all the rest need only read permissions.

Answering your specific question:

[[email protected] ~]# /usr/local/cpanel/bin/rebuild_phpconf --current
Available handlers: suphp dso cgi none
DEFAULT PHP: 5
PHP4 SAPI: none
PHP5 SAPI: suphp
SUEXEC: enabled
RUID2: not installed


Thank you!
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,243
463
Hello,

I'm happy to see you were able to address the issue. Thank you for updating us with the outcome.
 

Don D.

Member
Nov 18, 2016
7
0
1
California
cPanel Access Level
Website Owner
Hi Guys,

This is exactly what I needed to do and I am having troubles, would you please walk me thru this as I don't have much experience with linux, WHM and cpanel.

What I try to accomplish:

I have two Magento stores sharing exactly everything from data bases to back admin (which run under Magento). The only different is their domain and their IP address for SSL purpose. I have 1 store is up and running right now under user1 account in my WHM, I am adding 2nd store under user 2 account in WHM. In user 2 public_html, I need to add a bunch of symlinks to public_html folder in user 1 account, along with 1 index.php and 1 .htaccess files. Visitor will visit 2nd store and see that index php, then follow the symlink to the first account and Magento handling the rest from there using resources from first account.

What I have tried so far:

I followed Internetbug256 down to each code:

chmod a+x /home/user1/public_html
chmod a+x /home/user2/public_html

chmod g+w /home/user1/public_html

usermod -a -G apache user1
usermod -a -G apache user2

chgrp apache /home/user1/public_html

I unchecked SymLinksIfOwnerMatch option

Restarted apache

The problem:

I created a symlink: ln -s /home/user1/public_html/app /home/user2/public_html/app
The folder created but nothing inside it. I know it is a symbolic link, but when clicking on it, you suppose to see what in that folder from user1 account right?

My set up:

Dedicated server
Centos 7/apache
WHM/cpanel
This server right now only have 2 above account and will not have anything else later, I read a lot about this option and many commented the security breach of this option. I am aware of it and really want to go on with it.

Please help me! I am greatly appreciated!

Don
 

Don D.

Member
Nov 18, 2016
7
0
1
California
cPanel Access Level
Website Owner
So far I managed to get exactly what I wanted above... with a few minor changes where the group name is different (after I figured out the original post used apache as example group name! :) )

My problem now is when loading store 1, it is fine but when loading store 2, I have that CORS problem! Because obviously the skin images/css are running from store 1 url, making it mismatching in the head!

I have tried adding:

Header set Access-Control-Allow-Origin "*"

to the .htaccess files of both store, but still not working

Would you please offer some help on this?

Thanks so much in advance!
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,243
463