Performance
Start Topic
Declan

MT problems with multiple CPanel accounts, Suexec, and permissions on a dedicated server

By Declan on May 9, 2011 at 1:43 PM 1 Vote 0 Votes

Hi,

After months of problems, and knowing that there are people who run MT on their own dedicated server, onto multiple cpanel accounts, I ask this question with the humility that I am a much better blogger than tech...anything silly below, is my bad ;-)

I've got Movable Type set up on my own dedicated server (mt-check.cgi info at bottom of this email), and running into multiple problems with permissions on posts, public_html directories via cpanel (going 750 from 755 because Apache may be blocking my "Master" user from accessing other cpanel accounts) changing and causing havoc with my system.

Let me try to explain succinctly:

1. I have a dedicated server on Linux, I can control everything, suexec, httpd.conf, etc. MT runs on suexec.

2. I have 5-10 cpanel accounts for my blog authors; these are all published from one cpanel account that has mt installed, and published to these other accounts. So users will log in under my mt.cgi script, and the post will be published to their cpanel account on the same server. It does work, just every 30-60 days it starts changing permissions, and we really don't adapt MT code very much...we're just bloggers.

I've given my "Master" account/user permission to do this, and it works for a while then breaks down, because CPanel only wants the user assigned to update that Cpanel account - and setting up a group with my Master user given access to these accounts has not worked either.

We have total control over the server and know all our writers closely, and it works better having our folks have their own cpanel accounts, even though mt works better if we put everyone in the same cpanel account - problem comes with setting up emails, tracking traffic, etc...just works better with different cpanel accounts.

3. Right now we've set up the master user account to be able to publish to the other accounts, which intermittently goes and resets permissions on the various MT files, and then spreads to other mt files - for example, user X posts a blog, the permissions for that post are set to 644 (our mt permissions are 755, and we have HTML Perms 755 in mt-config.cgi), and OTHER recent posts in different cpanel accounts are then reset to 644, which shuts it all down, plus the public_html directories are set to 750, because Apache does not let give that final access to my Master user to basically control every users account.

We've thought of setting up groups on our server, with the Master given access to other cpanel accounts, but this is a bandaid at best, and breaks down.

4. I think the problem is between SUexec, mt.cgi, and my various cpanel accounts. I suggested to my tech that we set suexec to mt permissions for files, folders, and cgi scripts, which he did, but the problem is in one cpanel account having access to other accounts, and there is no way to set up that account as a "master" for the entire server, because that is Apache's job, and no one else. (My best guess here)

My question; I know people do run MT on dedicated servers with multiple cpanel accounts, do you have a link, or advice, on how to do this so we don't have permissions reset? Where should I be looking (I've tried numerous things in 9 months to no success?) for answers, or tweaks I could do on my server to make this work?

Setting up all 10 or so users on my Master mt account is troublesome, because now my various authors can manage their own businesses, and if we put it all under one account, that would cause alot of confusion, in terms of tracking traffic, setting up emails, everything...the master site gets tons of traffic and is an educational site, unrelated to what others do...suffice to say not the best solution.

Any suggestions? Thanks.
Peace
Declan

PS My mt-config.cgi file and mt-check.cgi for server
XXXXX(removed) means I took out private data...thanks!

my mt-config.cgi

## Movable Type configuration file ##
## ##
## This file defines system-wide settings for Movable Type ##
## In total, there are over a hundred options, but only those ##
## critical for everyone are listed below. ##
## ##
## Information on all others can be found at: ##
## http://www.movabletype.org/documentation/appendices/config-directives/ ##

################################################################
##################### REQUIRED SETTINGS ########################
################################################################

# The CGIPath is the URL to your Movable Type directory

CGIPath http://remember.org/mt/


# The StaticWebPath is the URL to your mt-static directory
# Note: Check the installation documentation to find out
# whether this is required for your environment. If it is not,
# simply remove it or comment out the line by prepending a "#".

StaticWebPath http://remember.org/mt/mt-static/
StaticFilePath /home/remember/public_html/mt/mt-static
CaptchaSourceImageBase /home/remember/mt/mt-static/images/captcha-source
MemcachedServers XXXXX(removed)
MemcachedDriver Cache::Memcached::Fast

#================ DATABASE SETTINGS ==================
# REMOVE all sections below that refer to databases
# other than the one you will be using.

##### MYSQL #####
ObjectDriver DBI::mysql
Database XXXXX(removed)
DBUser XXXXX(removed)
DBPassword XXXXXXX (removed)
DBHost localhost


##### PERMISSIONS #####
DBUmask 0022
HTMLUmask 0022
UploadUmask 0022
DirUmask 0022
HTMLPerms 0777
UploadPerms 0777

LaunchBackgroundTasks 0
ImageDriver ImageMagick

====================================================
my mt-check.cgi config:
System Information

Movable Type version: 4.35-en
Current working directory: /home/remember/public_html/mt
MT home directory: ./
Operating system: linux
Perl version: 5.8.8
Perl include path:
plugins/MultiBlog/lib
plugins/WXRImporter/lib
plugins/Textile/lib
plugins/zemanta/lib
plugins/TypePadAntiSpam/lib
plugins/StyleCatcher/lib
plugins/disqus/extlib
plugins/disqus/lib
plugins/spamlookup/lib
plugins/WidgetManager/lib
plugins/mt-cumulus_v1.02/lib
extlib
extlib
lib
/usr/lib64/perl5/site_perl/5.8.8/x86_64-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.8
/usr/lib/perl5/site_perl
/usr/lib64/perl5/vendor_perl/5.8.8/x86_64-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.8
/usr/lib/perl5/vendor_perl
/usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi
/usr/lib/perl5/5.8.8
.
Web server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_perl/2.0.5 Perl/v5.8.8
(Probably) Running under cgiwrap or suexec
Checking for Required Modules

CGI::Cookie
Your server has CGI::Cookie installed (version 1.20).

File::Spec (version >= 0.8)
Your server has File::Spec installed (version 3.33).

Image::Size
Your server has Image::Size installed (version 2.93).

CGI
Your server has CGI installed (version 2.80).

Checking for Data Storage Modules

Some of the following modules are required by the various data storage options in Movable Type. In order run the system, your server needs to have DBI and at least one of the other modules installed.

DBI (version >= 1.21)
Your server has DBI installed (version 1.616).

DBD::mysql
Your server has DBD::mysql installed (version 4.018).

DBD::SQLite
Your server has DBD::SQLite installed (version 1.29).

DBD::Pg (version >= 1.32)
Either your server does not have DBD::Pg installed, the version that is installed is too old, or DBD::Pg requires another module that is not installed. The DBD::Pg database driver is required to use PostgreSQL Database. Please consult the installation instructions for help in installing DBD::Pg.

DBD::SQLite2
Your server has DBD::SQLite2 installed (version 0.33).

Checking for Optional Modules

The following modules are optional. If your server does not have these modules installed, you only need to install them if you require the functionality that the module provides.

Scalar::Util
Your server has Scalar::Util installed (version 1.23).

Crypt::DSA
Your server does not have Crypt::DSA installed, or Crypt::DSA requires another module that is not installed. This module accelerates comment registration sign-ins. Please consult the installation instructions for help in installing Crypt::DSA.

XML::SAX
Your server has XML::SAX installed (version 0.96).

IPC::Run
Your server has IPC::Run installed (version 0.89).

Archive::Zip
Your server has Archive::Zip installed (version 1.30).

Storable
Your server has Storable installed (version 2.25).

SOAP::Lite (version >= 0.5)
Your server has SOAP::Lite installed (version 0.710.08).

List::Util
Your server has List::Util installed (version 1.23).

HTML::Entities
Your server has HTML::Entities installed (version 3.68).

Digest::MD5
Your server has Digest::MD5 installed (version 2.51).

Text::Balanced
Your server has Text::Balanced installed (version 1.95).

Crypt::SSLeay
Your server has Crypt::SSLeay installed (version 0.58).

GD
Your server has GD installed (version 2.45).

Archive::Tar
Your server has Archive::Tar installed (version 1.76).

Safe
Your server has Safe installed (version 2.27).

XML::Parser
Your server has XML::Parser installed (version 2.40).

IO::Uncompress::Gunzip
Your server has IO::Uncompress::Gunzip installed (version 2.033).

Digest::SHA1
Your server has Digest::SHA1 installed (version 2.13).

IO::Compress::Gzip
Your server has IO::Compress::Gzip installed (version 2.033).

XML::Atom
Your server has XML::Atom installed (version 0.25).

Image::Magick
Your server has Image::Magick installed (version 6.4.8).

LWP::UserAgent
Your server has LWP::UserAgent installed (version 2.001).

MIME::Base64
Your server has MIME::Base64 installed (version 3.13).

Mail::Sendmail
Your server does not have Mail::Sendmail installed, or Mail::Sendmail requires another module that is not installed. This module is required for sending mail via SMTP Server. Please consult the installation instructions for help in installing Mail::Sendmail.

HTML::Parser
Your server has HTML::Parser installed (version 3.68).

File::Temp
Your server has File::Temp installed (version 0.12).

Movable Type System Check Successful

You're ready to go! Your server has all of the required modules installed; you do not need to perform any additional module installations. Continue with the installation instructions.

Reported on Movable Type 4.3

1 Reply

| Add a Reply

Add a Reply

If you need to share template code, replace all the "<" signs with "&lt;" or use this utility.

Forum Groups

1774 6167

Last Topic: Template modules by Zielun on Feb 16, 2012

86 302

Last Topic: website entries by masoud on Oct 26, 2011

1434 5088

Last Topic: Maintenance announcement by Nick on Feb 17, 2012

695 2912

Last Topic: Insert Image / File Fails by Russ Miller on Feb 10, 2012

84 291

Last Topic: How to have some other characters in entry basename automatically written by Afshin Haghighatnia on Dec 22, 2011

174 740

Last Topic: Captcha images rendering slowly by ScottM on Feb 12, 2012

190 568

Last Topic: Analytics Reporting by michael webster on Feb 5, 2012

26 95

Last Topic: How do ProNet Licensees Get Current Versions of Movable Type? by Bill on Aug 28, 2011

48 210

Last Topic: An idea and also a request by Afshin Haghighatnia on Jun 29, 2011

64 246

Last Topic: jQuery in MT 5.1 still at 1.4 - why? by perlmonkey on May 25, 2011

code.sixapart.com

137 478

Last Topic: Getting a thumbnail with xpath by Peter on Mar 13, 2011

222 720

Last Topic: Custom Field for Asset Not Appearing by android on Feb 9, 2012