The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

WHM Domain User Cross Folder Permission

Discussion in 'Security' started by digioz, Jul 22, 2012.

  1. digioz

    digioz Registered

    Joined:
    Sep 9, 2006
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    0
    Hello All,

    I have a Dedicated Server with some 50 domains hosted on it as individual Accounts. I am trying to give write permission to the user of the first domain to a folder on the second users web directory. Here is the layout:

    Domain1.com
    -------------
    Admin User: domain1
    Web Path: /home/domain1/public_html/

    Domain2.com
    -------------
    Admin User: domain2
    Web Path: /home/domain2/public_html/
    Upload Path: /home/domain2/public_html/uploads/

    I have set the permission for the "uploads" folder which is on domain2.com to 777, but it still gives me this error when a PHP script from domain1.com tries to upload an image file to domain2.com:

    Code:
    Warning: move_uploaded_file(/home/domain2/public_html/uploads/201207221737071.jpg) [function.move-uploaded-file]: failed to open stream: Permission denied in /home/domain1/public_html/content.php on line 103
    
    I have already tried giving "domain1" user ownership of the "uploads" folder on domain2.com using the following command which made no difference:

    Code:
    chown -Rv domain1 /home/domain2/public_html/uploads/
    Any help would be much appreciated.

    Thanks,
    Pete
     
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Hello Pete,

    If you are using suPHP, then FileProtect prevents this behavior and it's why you cannot get this to work.

    The options are to:

    a) disable FileProtect using "/scripts/disablefileprotect" whcih poses a grave security risk
    b) Place the contents into /usr/local/cpanel/htdocs/ instead to call them and link from each account to those files or that folder (discussed at http://forums.cpanel.net/f5/read-php-script-reseller-account-suphp-243912.html#post1010212)
    c) Use the suggestion in this post at http://forums.cpanel.net/f5/sync-directories-2-accounts-one-server-both-ways-283992.html#post1188331 for creating a hard link and using bindfs

    Thanks!
     
  3. digioz

    digioz Registered

    Joined:
    Sep 9, 2006
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    0
    Hello Tristan,

    Thank you for your response.

    Regarding a) I agree that this would be a huge risk, so I would rather not go this route.

    Regarding b) I don't think this is a good option for me to use because I need a whole different "uploads" folder for each domain since there will be domain3, domain4, etc and each will need it's own "uploads" folder, but I still want the "domain1" user which is where the Admin Area for all domains resides to be able to write to these folders. I am also a bit worried that the media files would be residing in a system folder (/img-sys/media.ext). Is this risky?

    Regarding c) After reading the post in the link you gave me above I got the impression that bindfs is basically a directory pointer/link in the file system.

    Perhaps it would make sense for me to create individual sub-folders inside "/img-sys/" as "/img-sys/domain1/uploads/", and so forth and then place a link folder to each upload folder so that the path is still "domain1.com/uploads" on the web server but it resides inside the "/img-sys" folder where all users have access to it?

    Thanks,
    Pete
     
  4. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Hi Pete,

    The folder would need to be /usr/local/cpanel/htdocs for anything that isn't an image such as a script. I didn't extensively test using that shared folder either, but only tested basic scripts. You are definitely welcome to try it. If it doesn't work, the option would be to fall back to using option c)

    Thanks!
     
Loading...

Share This Page