Uploading file (via form) to a different cPanel account

[GoWilkes]

I'm on a semi-managed server, where all of the accounts belong to me.

I'm building a site that shares some data with one of my other sites. I would like to set it up so that if a user is on one site and uploads an image, it will be stored in a directory on the other account. This way, I can access the image via URL on either site.

Meaning, whether you're on example.com or whatever.com and upload an image, the image is saved to /home/example/www/images, and accessible at example.com/images.

I'm doing the upload via Perl, if it matters.

What steps do I need to follow in order to accomplish this? Symlink /home/whatever/www/images to /home/example/www/images? I have to assume that it requires more than changing the permission of /home/example/www/images to 0777.

 

[cPanelMichael]

Hello

Sharing a directory with another account is not recommended due to the security risks of such a setup. You may want to consider having one domain name as an Add-on domain name if you need to share images between websites. Otherwise, you could develop a custom script that copies the files and updates the ownership values and use it as a cron job.

Thank you.

 

[GoWilkes]

I figured that it wasn't recommended, but since I own all of the accounts on the server, I'm not too concerned about that.

An Add-on domain doesn't really work well, because I have a lot of RewriteRules set up for the main account, and don't want them to apply to the new site. I intend to have several sites using the same pictures, too, and eventually that would get VERY confusing.

As for a cron job, I would need this to work on the fly, so that doesn't really work, either. I guess I could write the "success" page on whatever.com to redirect to example.com to copy, and then redirect back to whatever.com, but that's just asking for trouble.

Before I move on to a less-than-ideal workaround, are you saying that sharing a directory like I want CAN'T be done, or just that it's not recommended?

 

[ThinIce]

The issue really is that the product is geared in lots of little ways to try to prevent exactly this for general use shared hosting (arguably even more little ways are required, hence the presence of cloudlinux in the market). What you can do depends on how your apache / interpreters are configured (i.e. jailed apache, open_basedir in php is irrelevant under suphp). I can't say I've ever seen this done in perl, but I do vaugely remember ancient discussions over acls and the fileprotect feature.

If you want to skim it, http://forums.cpanel.net/f185/solutions-handling-symlink-attacks-202242.html might give you a better idea of the security risks (and thus the trade offs for you) as it's about specifically stopping malicious attackers accessing things in other parts of the system by creating symlinks

 

[GoWilkes]

This is still pretty important to some of my projects, and since I'm the only one with access to the server, security isn't a big issue.

Just to clarify, I have an account with a directory full of images that are regularly changed by scripts in the account. I have another account, and I want its scripts to be able to add / delete images in the same directory.

Eg, main directory:

/home/example/www/images/

I set up a symlink from the new account to the main directory, ala:

ln -s /home/example/www/images/ /home/new/

and the scripts in /new/ can read the files in /example/www/images/, but can't upload new ones. FWIW, the permission for the main directory is 0777.

I should mention that there are 6 directories in /example/ that I really want to share.

So, what if I set /home/shared/ to be shared directory (just a directory, not an account), then symlink the directories in both /example/ and /new/ to it? Like so (I think):

Create group
# groupadd shared

Setup username and password for new group
(do I just make up a username and password here?)
# useradd -d /home/shared/ -g shared -m shared_username
# passwd shared_password

Add /example/ as a user
# useradd -d /home/shared/ -g shared example_username
# passwd example_password

Add /new/ as a user
# useradd -d /home/shared/ -g shared new_username
# passwd new_password

Change group ownership
# chown -R shared_username:shared /home/shared/

Set group permission
# chmod -R 2775 /home/shared/

Any problems with that?

The only problem I know of is that the files in /home/shared/images/ wouldn't show up as storage for the /home/example/ account anymore, and the bandwidth wouldn't be applied correctly, but I can live with that.

Is there a way to simply add /new/ as a user to /example/, without creating the 3rd directory and moving everything?

 

[GoWilkes]

Sorry for two in a row, but...

Can I just make "new" a user for the existing "example" without any real problems? Eg:

Add "new_username" to group "example"
# usermod -aG example new_username

Change permissions for each directory to be shared
# cd /home/example/images/
# umask 002
# chmod -R 2775 /home/example/images/