Multisite with hosting control panel, like CPanel, Plesk - possible? How?

I have successfully been able to run multiple cPanel users sites from a single drupal code base and without recreating any files.

I literally wrestled with this problem all day yesterday however I believe I've got something which could work. I will post a full detailed document when I get more time to test it however here is the gist of it.

Requirements:
Root access to server
OS Supports symlinks (there's a good few in here, sorry Windows)

Drupal directory: called this folder drupal
The sites folder in drupal must be empty. This is important

move drupal to:
/usr/share/drupal

So no-one can peek at code
chmod 750 /usr/share/drupal/ -R

Now for the confusing part. cPanel users have their multisite folder inside their home directory. eg. /home/user1/site1.com
You now create the symlink "site1.com" inside /user/share/drupal/sites (this is why we needed the sites directory empty earlier)
e.g.

ln -s /home/user1/site1.com /usr/share/drupal/sites/site1.com

Now we rename the users public_html or whatever to "public_html.bk" as a backup.

Next is one last symlink. Create a symlink which will replace public_html and point to our shared drupal code base
e.g.

ln -s /usr/share/drupal /home/user1/public_html.

Last step and one which game me a world full of problems.
You cannot to the best of my knowledge complete this with suPHP enabled. I turned on CGI under PHP Configuration within WHM and it worked!

Oh, and you set the owner of the drupal code base to your apache user. In my case, this was user "nobody"
e.g.
chown nobody:nobody /usr/share/drupal -R

Assuming you've been able to follow this mind bend of a solution, you should now....hopefully... have multiple cPanel users each with their own drupal site, running from a single drupal code base and with their own databases.

Voila!

As I said, I will be posting one huge recipe for this in more specifics later. With charts and graphs along with how I manage this all with SVN. I will post back here when its done.

-- If anyone can put in some feedback for this solution then get posting. Security is a concern I have and would like to hear how this solution tackles it.

Hi again,

I have put this to the test and have some questions / potential solutions. I think it's best if we work through these together.

file ownership

If apache is running as nobody this means that uploaded files are also owned by nobody. CPanel reports disk usage based on ownership. I have solved this issue by having cron running a daily script that changes ownership of all files in the files directory, based on the user. Eg user1:nobody, 775

accessing other users files

Since the sites directory is full of symlinks where the destination is owned by nobody:nobody or user1:nobody administrators are able to set the files directory path (at admin/settings/file-system) to another websites files directory. This is highly undesirable. The only workaround I can think of is to remove the permission "administer site configuration" and only access it with the admin account. This does not help if the user has access to the database, eg via cpanel. Luckily in WHM you can restrict the feature set and remove users access to MySQL databases and PhpMyAdmin. I would also recommened changing ownership of the site's settings.php to root:nobody with permissions 440

publishing other users files

Considering all previously mentioned there is nothing stopping anybody from accessing files for example2.com from example1.com. For example you could navigate to example1.com/sites/example2.com/files/test.jpg. Since example2.com is just a symlink, and the apache user has access to the files dir, the image will be served up. I guess this is not such a big problem since the files directory would be public to the world anyway, however it really shouldn't occur. The work around I have come up with is to place the files directory in /home/user1/files/example.com, set that absolute path in admin/settings/file-system, set download method to private and remove access to administer that page. Can you think of a better way to handle this?

Congrats mstrelan, thats further than I've managed to get.

I was experimenting with binded mounts of the drupal codebase inside the users homedirectory, so the users actually see all the files. I maybe got a little too adventurous and ended up corrupting something important. 6 hours of vps rebuilding later and I'm back on track.

I am aiming to get this working with suPHP also, just for that last squeeze of security. This could work if we do a readonly mount of the drupal files inside the users directory. Unfortunately there is a bug in CentOS 5.4 which does not address the allowance of bind + readonly mounts together so you can imagine, I'm jumping through a lot of hoops.

One concern I have with having the users files and shared files in the same group is this:
Is it possible to create a small module that will open/view a file from the other users site maybe a simple fopen or fread to the absolute location of another users site files.

I understand that suExec is supposed to stop execution of another persons files but as the drupal code and another users code is in the same group this may allow escalation. Just a thought if you could do a simple test for this.

Another factor I am looking into implementing is the Aegir system. Obviously with having the site folders in one place this is a lot more straight forward.

Finally, a solution which maybe seems a little backwards to our goal and maybe I'll look into more as a last resort is to actually keep rsynced copies of the sites which update themselves on cron run. This is going to reproduce the codebase per account but at least we'll have them in sync for changes.

I'll let you know how I get on. Hopefully today won't involve 101 reconfigurations of apache.

Hi there,

My previous post on using SuExec seemed great, except it means that you cannot use php_value directives in .htaccess files. This is not usually a problem except that I am running this on the same server as an old OSCommerce site, which requires register_globals to be On. By enabling SuPHP I can create a separate php.ini file in the oscommerce user's public_html directory. But now I need to get my Drupal symlinks working with SuPHP.

SuPHP basically requires the drupal php files to be owned by the current user, so symlinking ~/public_html to /usr/share/drupal just isn't going to cut it, no matter what permissions you assign. The great thing about Drupal however, is that users only ever access index.php, update.php, cron.php and install.php. So now what we can do is create a group called drupal, assign the user to this group (as a secondary group), assign group ownership to the core drupal files to this drupal group and finally include these files from actual files owned by the user. Let me describe this in more detail.

Create a group
groupadd drupal

Add the user to this group
usermod -G drupal

Assign drupal files to this group

Setup php files
In each users public_html directory:
index.php, cron.php, update.php, install.php

Also need to

Then we just have to move the sites/example.com directory in to the users public_html/sites directory. The settings.php file can have 400 permissions and the files directory can have 755. All of these should be owned by user1:user1

There is now no way to write to another users files directory, or to fopen another users file. You cannot include another users settings.php, or read it in any way. Heck, you can't even include another users file.
Since the sites directory exists in the users account there is also no way for them to list what other sites exist in the actual sites directory

What do you think about this approach? There is a bit more setup involved, although this can be scripted. There is also the chance the user could screw up their php files, but when it comes down to it that's their own fault, and if the setup is scripted it could be fixed again easily.