Page tree
Skip to end of metadata
Go to start of metadata

Database Mapping

In cPanel & WHM 11.28, we introduced the Database Mapping feature (Main >> SQL Services >> Database Mapping). This feature lays the groundwork for more flexibility in how you name databases and database users.

In the past, cPanel has always prepended an account's username to any database name or database username created by the account (for example, a database might be named user_dbname). This changes with the addition of the Database Mapping feature.

Database Mapping provides the following benefits:

  1. Accounts transferred from non-cPanel servers, such as those that run Plesk or Ensim, will no longer have the cPanel account name added as a prefix to the names of databases and database users. This means that applications such as blogs and forums should work with minimal or no changes after a transfer.
  2. Server owners can disable use of the database name prefix server-wide. If a server owner chooses this option, databases and database users will no longer be created with the cPanel account as a prefix (for example, a database could be named dbase instead of user_dbase). This option is not reversible.

Both of the features above will make a server incompatible with older versions of cPanel if either of the folllowing is true:

  1. a non-cPanel account is transferred to an cPanel & WHM version 11.28 server, or
  2. the server owner opts to disable prefixing, in which case that server will not be able downgrade to cPanel & WHM version 11.28 later.

If you transfer an account from a cPanel system that does not use the database prefix to one that does (For example a cPanel & WHM version 11.28 server with prefixing disabled, to a cPanel & WHM version 11.28 server) will result in support issues. Databases and database users whose names lack the prefix will be unmanageable in the cPanel interface.

Note:

Databases created by cPAddons will always be named with a prefix, regardless of whether Database Mapping is turned on or off. The prefix will consist of the database username, followed by an underscore (_).

For more information about Database Mapping, see our Database Mapping white paper (PDF).

Database Creation

Prior to cPanel & WHM version 11.28, cPanel users were able to create a database via direct MySQL connections as long as the database was properly prefixed for the cPanel account (e.g. account-name_database).

However, in cPanel & WHM version 11.28, if the WHM administrator turns prefixing off, the grant statement that provides that permission will be removed. This will cause the cPanel account's MySQL user to not be able to create databases via direct MySQL connections. cPanel users will need to use the cPanel User Interface (UI) or API to create databases if prefixing has been disabled.

Removed phpMyAdmin User Modification Features

In cPanel & WHM 11.28, we removed some user modification features from phpMyAdmin. The features we have removed include the following:

  • The ability to add users
  • The ability to delete users
  • The ability to modify certain user properties, such as the hostname.

Custom Webmail

Server owners can now offer third-party webmail applications from the cPanel interface. This requires some Perl scripting ability.

LOCK Method for WebDAV

cPanel's Web Disk feature, provided by the cpdavd service, is now fully compliant with the RFC 4918 Class 2 WebDAV standard.

This means that cpdavd now provides full resource locking support, increasing the range of supported WebDAV clients significantly. Errors that previously occurred when users saved files via Microsoft® Office®, as well as seemingly random failures that perform bulk file operations from Mac OS® X Finder®, are alleviated with the implementation of a proper locking mechanism.

Changes to phpMyAdmin Authentication

cPanel & WHM version 11.28 substantially changes the way that phpMyAdmin authenticates.

We have added a new phpMyAdmin authentication library, located at /usr/local/cpanel/base/3rdparty/phpMyAdmin/libraries/auth/cpanel.auth.php. Its purpose is to allow for multiple types of authentication to phpMyAdmin, as the user's cpanel account does not necessarily have to have the same password for MySQL as it uses for system authentication.

When phpMyAdmin loads, it will now attempt to get authentication data from multiple sources. It will attempt a mysql_connect() against the configured MySQL server for each source, until it finds the correct authentication information. The order of sources that it will attempt to load is:

  1. The user's system password.
  2. The user and password contained in ~/.my.cnf
  3. If both of these fail, it will prompt for authentication with a login form.

As a result of this change, users should take note of the following information:

  • When invalidated session data exists, it is possible for phpMyAdmin to have authentication issues. If you notice abnormalities in phpMyAdmin, your fist step should be to clear the browser session data to attempt to resolve the issue.
  • The Log out link in phpMyAdmin only functions when the user has authenticated manually with a login form. The function of this Log out link is to remove and invalidate the temporary files, and redirect to the login page. If the correct login credentials are still available to phpMyAdmin (in the user's system password via the environment, or in ~/.my.cnf), the login process will reconnect upon redirect. As a result, the Log out link will have no effect in this case.

 

User Interface Changes in WHM

Breadcrumbs now appear in all WHM screens. These are navigation links that appear at the top of each page.

In addition, WHM includes the following updates.

Updated Screens

cPanel & WHM Configuration screens

WHM includes updates to the following interfaces:

  • Basic cPanel/WHM Setup.
  • Tweak Settings.
  • Exim Configuration Editor.

Each interface has been changed in the following ways:

  • It has been reorganized into tabs, making specific settings easier to find.
  • If offers radio "on/off" buttons instead of checkboxes.
  • It attempts to warn the user if he or she tries to enter invalid data. In addition, any invalid data the user enters will be replaced by an acceptable value when the user clicks Save.

You can find a complete description of each updated interface in our WHM User Guide.

New Default Values

Default values for the following options on the Tweak Settings screen have changed:

  • Enable HTTP Authentication now defaults to off.
  • Require SSL now defaults to on.

The default value for the following setting on the Exim Configuration Editor screen has been changed:

  • Reject mail for users over quota at SMTP time now defaults to on.

The default value for the following setting on the Basic cPanel/WHM Setup screen has been changed:

  • The minimum user ID value used when creating new accounts now defaults to 500

    Warning:

    A blank field is no longer a valid entry.

Changing the Default Apache Port in Tweak Settings

On the Tweak Settings screen in WHM, the server owner has long been able to change the port on which the Apache web server listens for requests.

While using this option to configure Apache to listen on a port other than the default has previously broken the functionality of various utilities on the server, with cPanel & WHM version 11.28, those failures no longer occur.

The utilities that now function with Apache listening on a non-default port are:

  • The apachectl script
  • The httpd daemon
  • The checksrvd daemon
  • The Apache Status page in WHM

 

Setting the Default Email Quota for New Accounts in Tweak Settings

Three new options on the Tweak Settings screen allow server owners to set up defaults for email quotas. Server owners can now:

  • Specify available options for email quotas (user-defined, unlimited, or both).
  • Specify the default user-defined quota value for new accounts.
  • Specify which quota option (user-defined or unlimited) will be the default.

Note:

This setting was removed in cPanel & WHM version 11.28.74.

 

 

Choose MD5 Passwords in Tweak Settings

The Tweak Settings screen offers the following new option:

  • Use MD5 passwords with Apache

Formerly, cPanel & WHM used the crypt password hashing function. Now, server owners can opt to use MD5 hashing instead.

Both crypt and MD5-encoded passwords can be any length. However, crypt only uses the first eight characters of the password for authentication.

The INFORMATION_SCHEMA View

In Tweak Settings, you can now enable the Use INFORMATION_SCHEMA option  when you calculate disk usage. This can, however, degrade MySQL performance. This option is:

Sett the Maximum Number of cpsrvd Connections

Tweak Settings now allows you to specify the maximum number of connections cpsrvd can have open at once with the Max cPanel/WHM/Webmail service handlers option.

Security Tokens Enabled by Default on New Installations

In cPanel & WHM version 11.28, new installations of cPanel & WHM will have Security Tokens enabled by default. You can enable or disable Security Tokens in WHM's Tweak Settings interface.

Systems that upgrade to cPanel & WHM version 11.28 will retain their configurations.

 

The Apache Global Configuration Screen

In cPanel & WHM 11.28, WHM's Apache Configuration interface (Main » Service Configuration » Apache Configuration » Global Configuration) now offers the following directives

Click a directive name in the following table to read Apache's documentation:

 

DirectiveDescription
StartServersThis directive sets the number of child server processes created when Apache starts up.
KeepAliveThis directive enables long-lived HTTP sessions, which allow multiple requests to be sent over the same TCP connection. This can speed up latency times for HTML documents with many images.
KeepAliveTimeoutThis directive sets the number of seconds Apache will wait for a subsequent request before it closes a connection.
MaxKeepAliveRequestsThis directive limits the number of requests a TCP connection can make when KeepAlive is on. Set this value to 0 to specify that you do not wish to limit KeepAlive requests.
TimeOutThis directive defines the amount of time Apache will wait for certain events before it fails a request.
ServerLimitThis directive sets the maximum configured value for the MaxClients directive for the lifetime of the Apache process.

 

List Accounts

When the server owner uses the Tweak Settings screen to disable the root and account owners' abilities to log in to cPanel user accounts, the List Accounts interface does not display the cPanel logo that links to users' cPanel accounts. This functionality has long been present in WHM.

Now, a notification appears to clarify the reason that cPanel user accounts are no longer available from List Accounts.

For the root user,  the notification is as follows:

Root access to users' cPanel accounts has been disabled in Tweak Settings (System).

For resellers, the notification is as follows:

Reseller access to users' cPanel accounts has been disabled in Tweak Settings (System).

 

Modify an Account

cPanel & WHM version 11.28 includes two changes to the Modify an Account interface:

  • Modification of a user's account will change the user's package to undefined. The undefined package is a reserved package name that can contain different values for different users.
  • This screen now includes a setting for Max Relayed mails/hour/domain. This option sets a limit on the number of emails relayed per hour for the account's main domain only.

    Note:

    If you previously used the build_maxemails_config script to set different limits for each domain, this field will display the limit assigned to the primary domain for the account.

cPHulk Brute Force Protection

The daemon that provides the cPHulk Brute Force Protection feature (cphulkd) now allows whitelisting of a range of IP addresses that arewritten in CIDR notation.

You can find the graphical interface for whitelisting IP addresses in WHM's cPHulk Brute Force Protection interface (Main >> Trusted IPs >> cPHulk Brute Force Protection)

Terminate Accounts

Resellers with access to the WHM Terminate an Account interface can no longer terminate their own WHM account.

New Screens

cPanel & WHM version 11.28 also includes the following new interfaces:

  • Configure Security Policies — See Security Policy changes below for more information.
  • Security Questions — See Security Policy changes below for more information.
  • Database Map Tool — This allows a server owner to confer access to a database, via cPanel, to two or more cPanel users.
  • Disable Database Prefix — This allows a server owner to disable database prefixes as described in the Database Mapping section above.

 

Removed Screens

In cPanel & WHM version 11.28, we removed the following interfaces:

  • Interactive Knowledge Base
  • x3 Skin Migration Wizard

Changes to the WHM Interface Template

In cPanel & WHM version 11.28, WHM begins its migration to a template-based interface with the Template Toolkit. In the future, a template-based WHM interface will offer the ability for users to:

  • Create custom branding or translation for WHM.
  • Take advantage of an easier system for building WHM skins.

cPanel & WHM version 11.28  provides the foundation for these capabilities, which will become available in the near future.

User Interface Changes in cPanel

In cPanel & WHM 11.28, the following cPanel interfaces have changed:

  • FTP Accounts is now easier to use.
  • Disk Space Usage is now easier to use.
  • Change Password now lets the cPanel account owner click a checkbox to apply the password change to the MySQL database owner (DBOWNER) account as well.

Security Policy Changes

As of cPanel & WHM version 11.28, server owners can:

  • Set a maximum password age for the server's cPanel, WHM, and webmail interfaces. Once the password reaches the specified age, it must be reset.

 

Note:

This policy will only apply to system accounts, not virtual accounts (such as webmail accounts).

 

  • Define their own security policies. See the Security Policy white paper (.pdf) for more details.
  • Choose to only allow verified IP addresses to access the server's cPanel, WHM, and webmail interfaces.

Password Age

In cPanel & WHM version 11.28, we added a new interface in WHM called Configure Security Policies (Main >> Security Center >> Configure Security Policies). This interface allows server owners to apply a maximum age to WHM, cPanel, and webmail passwords. The server owner can also opt to specify maximum password ages for XML API requests and DNS cluster requests.

Once a password has reached the specified age, the account owner must change the password.

The maximum password age is 1,095 days.

Limit Logins to Verified IP Addresses

This feature allows server owners to turn on source IP checks for the WHM, cPanel, and webmail interfaces. Server owners can also opt to check source IPs for XML API requests and DNS cluster requests. They may enable this feature in the Configure Security Policies interface.

Source IP checks require users who attempt to access WHM, cPanel, or webmail to do one of the following:

  • Have their IP addresses listed on the Manage Access IPs screen in the appropriate interface, or
  • Successfully answer security questions to gain access to the WHM, cPanel, or webmail interface.

Transfer Improvements

cPanel & WHM version 11.28 provides the following improvements to the process of transferring accounts from non-cPanel servers:

  • WHM now accepts usernames up to 16 characters in length for transferred accounts.
  • Mail groups are now migrated from Parallels® Plesk® panel accounts.
  • Ensim® accounts are transferred with the Ensim account's username rather than the word "site," followed by a number.
  • MySQL for accounts transferred from Ensim will no longer automatically stop and start.

 

Horde Groupware Webmail Edition

As of cPanel & WHM version 11.28, cPanel now provides Horde Groupware Webmail Edition, which allows you to share calendars, contacts, and tasks. cPanel's switch to Horde Groupware Webmail will provide you with the most up-to-date Horde modules. For more information, visit Horde's website.

Benefits of the Horde Groupware client include the following:

  • It provides a streamlined update process, since you no longer have to track updates for each component.
  • It will allow cPanel to provide future Horde updates in a more timely manner.
  • It fixes longstanding bugs and problems present in older Horde releases.

You can also customize Horde Groupware Webmail Edition.

 

Important:

  •  We do not support a downgrade from Horde Groupware Webmail Edition 1.2.7 to older releases.
  • Any attempts to use onfigure new mail notifications in Horde Groupware Webmail Edition may cause Safari® on Mac OS® X to become unresponsive. This is due to the way information is passed between Safari® and QuickTime® on OS X.

Faster Incremental Backups

cPanel & WHM version 11.28 has shown incremental backup times ranging from 1.7 times to over 10 times faster than previous versions. This happens due to optimizations made to the code, and because databases are now backed up only if they have changed.

ext4 File System Support

In cPanel & WHM 11.28, we enabled support for the ext4 file system on CentOS and RedHat® Enterprise Linux® versions 5 and higher. However, CentOS and RedHat do not yet support quotas on ext4. This means you are not yet able to use quotas and ext4 with CentOS or RedHat.

Scripts Removed from the /scripts Directory

The following deprecated scripts have been removed from the /scripts/ directory in cPanel & WHM version 11.28:

  • addstatus
  • fixfpwml
  • nomodattach
  • nomodauthmysql
  • nomodbwprotect
  • nomodperl
  • /rebuildcpusers
  • killmoddav
  • fixwebmail
  • verify
  • check_apache_ssl
  • rebuildcpusers

 

/scripts/cPScript Removed

In cPanel & WHM version 11.28, we removed the /scripts/cPScript directory from the server. All modules that were formerly contained by this directory will now reside in /usr/local/cpanel/Cpanel.

Any application or script that relies upon that directory or the modules contained within will not function in this version. This change effectively discontinues the use of the cPScript Perl module namespace in favor of the Cpanel namespace (/usr/local/cpanel/Cpanel).

Scripts Added to the /scripts Directory in cPanel & WHM 11.28

check_users_my_cnf

This script is available at /scripts/check_users_my_cnf.

It will check user accounts for ~/.my.cnf files that do not work, and rename them. By default, the script only returns output when it detects a bad ~/.my.cnf.

For more information, run /scripts/check_users_my_cnf --help.

comparegdbm

This script is available at /scripts/comparegdbm.

It will compare the contents of two GDBM files.

To use this script, run

/scripts/comparegdbm $file1 $file2

where $file1 and $file2 are the full paths to the files you wish to compare.

Moved cphulkd Configuration Files

The following cphulkd configuration files have moved.

In cPanel & WHM version 11.28, the system checks these new locations first. It checks legacy file locations as a failover.

 

New location/var/cpanel/hulkd/enabled
Old location/var/cpanel/cphulk_enable
DescriptionThis presence of this flag file indicates that cPHulkd is enabled. You can enable or disable cPHulkd in WHM at Main >> Security Center >> cPHulk Brute Force Protection.
New location/var/cpanel/hulkd/conf
Old location/var/cpanel/cphulk.conf
Description

This file is cPHulkd's general configuration file. It contains a number of settings that you can configure from within the WHM interface.

Note:

Old configurations will not automatically migrate from /var/cpanel/cphulk.conf to /var/cpanel/cphulkd/conf until you re-save your configuration.

New location/var/cpanel/hulkd/password
Old location/var/cpanel/hulkdpass
DescriptionThis file stores the password cPHulkd uses to connect to MySQL.
New location/var/cpanel/hulkd/debug
Old location/var/cpanel/hulk_debug
DescriptionThe presence of this file enables debug logging for cPHulkd. cPHulkd's log files are /usr/local/cPanel/logs/cphulkd_errors.log and /usr/local/cpanel/logs/cphulkd.log.

 

Storing Data in the Userdata Cache Instead of the Apache Configuration File

In cPanel & WHM version 11.28, we changed two scripts to write account-specific information to—and retrieve it from—the userdata cache at /var/cpanel/userdata, rather than the Apache configuration file (httpd.conf).

Those scripts are:

  • /scripts/fixsubconf (this script has been moved to /usr/local/cpanel/bin/recovery/fixsubconf)
  • /scripts/pkgacct

We recommend that you store userdata in the appropriate /var/cpanel/userdata directory, rather than the httpd.conf file. Otherwise, these scripts will not access the updated information.

chkservd Recognizes Alternate SSH Ports

In the past, if you configured SSH to listen on a port other than the default (port 22), the chkservd service did not recognize this change. As a result, the WHM Service Status screen would falsely show SSH as non-operational, and chkservd would attempt to restart it every five minutes.

In cPanel & WHM version 11.28, chkservd now scans the SSH configuration file and recognizes the port on which SSH listens, which alleviates these problems.

Optimizations to the pkgacct Process

In cPanel & WHM version 11.28, we improved the pkgacct process. We have reduced the number of times the process forks, which will lower the amount of resources it consumes and speed up its performance.

New restoreaccount XML and JSON API Function

In cPanel & WHM version 11.28, we've added the ability to restore an account from a backup remotely, via our XML API or JSON API.

The restoreaccount function takes the following required variables as input:

  • user (string) — The name of the user whose account you wish to restore.
  • type (string) — The type of backup to restore; either daily, weekly, or monthly.

Sample API calls:

Task Queue Manages Additional Apache Restarts

Use of the task queue has expanded in cPanel & WHM 11.28 to manage Apache restarts that are triggered by the following tasks:

  • Create a New Account (WHM)
  • Modify Account Properties (WHM)
  • Terminate an Account (WHM)
  • Upgrade/Downgrade an Account (WHM)
  • Change Site's IP Address (WHM)
  • Copy an account from another server (Transfers area in WHM)
  • Add or remove an addon domain (Addon Domains area in cPanel)
  • Create or remove a subdomain (Subdomains area in cPanel)
  • Create or remove a parked domain (Parked Domains area in cPanel; Park a Domain in WHM)

For these functions, the task queue will cause Apache to restart in the background. This provides a WHM or cPanel user with a more responsive interface.

Resolved Issue that Prevented Disabling Apache Restarts

In previous versions of cPanel & WHM, disabling Apache restarts would sometimes prove ineffective, resulting in the system attempting to restart a disabled Apache, and failing. In the process, the system would also disable any other services running on port 80.

cPanel & WHM version 11.28 resolves this problem. When you create one of the following files, Apache's restarts will successfully disable and allow services on port 80 to continue to run the following:

  • /etc/httpddisable
  • /etc/apachedisable
  • /etc/httpdisable

Upgraded Third-Party Applications

In cPanel and WHM version 11.28, we integrated upgraded versions of the following third-party software applications:

 

ApplicationNew version included in cPanel 11.28More information
SpamAssassin3.3.1SpamAssassin changelog
RoundCube0.4RoundCube changelog
phpMyAdmin3.3.7 (Requires MySQL 5 or higher)phpMyAdmin release notes
AWStats6.95AWStats changelog
SquirrelMail1.4.21SquirrelMail changelog
Horde Groupware Webmail Edition1.2.7Horde Groupware Webmail Edition


 

  • No labels