cPanel System Administration Introduction

Cpanel Important directories.



*Houses only scripts and binaries which provide installation
and configuration of many cPanel managed services

Notable Contents:

CPSRVD ——-access_log, error_log

frontend——-x, x2,xmail,monsoon
webmail——-x, monsoon
3rdparty——-squirrelmail, phpPgAdmin, phpMyAdmin

init ———–start | stop cpsrvd AND start | stop AND start | stop cppop
exim———-cf, perl
ftptemplates —proftpd
httptemplates –apache1–default, ssldefault
zonetemplates–simple, standard, standardvirtualftp

bin——php, stunnel, analog, awstats, webalizer
etc——php.ini, ixed, ioncube

Houses proprietary configuration data for cPanel, including:
● Primary cPanel configuration
● User configurations
● Reseller configurations
● Accounting, conversion, and update logs
● Bandwidth data
● Customized service templates

updatelogs–bandwidth–zone templates

● The primary cPanel configuration file
● Each variable within influences the way cPanel behaves
● Variables are line delimited, with variables separated by an equal sign
● If file does not exist, cpanel falls back to defaults


Lists each reseller with a comma-delimited list of WHM
resources that reseller has access to.

Contains a list of accounting functions performed through
WHM, including account removal and creation.

● Files contain a list of the bandwidth history for each account.
Each named after their respective user.
● History files are stored in human-readable format, while actual
bandwidth data are stored in round robin databases.


● File name is inherited from the feature list name
● Contains a line delimited list of feature variables and a zero or
one value
● Variables control what cPanel resources are available to users

● Contains a list of packages, named after the packages they represent
● If package belongs to reseller, file name is prefixed with reseller name
● Each of these values determines the values created in cPanel user file

● Contains a list of cPanel user configuration files, named after the user
they pertain to.
● Variables define account resources, themes, domains, etc.

Other notable /var/cpanel directories
– This directory contains logs from account copies/transfers.
Training Seminar 2006
– Contains the output of each cPanel update executed on the server.
– Named after the respective reseller users they represent, each
contains only the IP address which should be used as that
resellersmain shared ip
– Contains customized DNS zone templates created inWHM

This directory houses a large number of scripts which serve
as building blocks for many cPanel/WHM features.
The scripts can be used to:
● Update cPanel, and many of the services of which it
● Customize account creation routines
● Perform backups of cPanel accounts
● Install and update cPanel managed services

cPanel Services

● cpsrvd is the ‘master’ process for cPanel.
● Handles and dispatches all requests made through the cPanel,
WHM, and Webmail interfaces.
● Logs to access_log and error_log

cpsrvd and stunnel relationship
CPSRVD–2082–>cpanel<–2083<–stunnel CPSRVD–2086–>WHM<–2087<–stunnel CPSRVD–2095–>Webmail<–2096<–stunnel SSL Certificates ————- ● Default certificate and key are stored in /usr/local/cpanel/etc/cpanel.pem ● User installed cert and cabundle are stored in: – /usr/local/cpanel/etc/mycpanel.pem – /usr/local/cpanel/etc/mycpanel.cabundle cPanel Startup ———— ● The following services are controlled by the cPanel init script – cpsrvd, both plain and secure – cPanel POP Services – cPanel Log Services – Eximstats – Chat Services – Mailman – Interchange ● Verify if ports are in use – netstat -lnp | egrep ‘20(8|9)’ Troubleshooting Startup Issues(SSL) ——————————- ● If SSL services are not available – execute /usr/local/cpanel/startstunnel – check /usr/local/cpanel/3rdparty/bin/stunnel.log ● If cpsrvd is not available – execute it directly `/usr/local/cpanel/cpsrvd` – check /usr/local/cpanel/logs/error_log Licensing ——– ● License requests are handled by /usr/local/cpanel/cpkeyclt ● Requests are transmitted to over port 2089 ● License requests are logged to license_log ● License key is stored at /usr/local/cpanel/cpanel.lisc A valid license request: root@server [~]# / usr/local/cpanel/cpkeyclt Updating Internal cPanel Information…..Done root@server [~]# Troubleshooting License Issues ————————— CHECKLIST: ● Verify if license is active for main server IP at ● Check if server can establish connection to over port 2089 ● If the previous steps fail, check license_log for notable errors. ● If license is active, but refused with no notable errors, lodge support request. root@server [~]# telnet 2089 Trying… Connected to ( Escape character is ‘^]’. 200 cPanel License Service Version 12.0 root@server [~]# cPanel Requests ————– cPanel Requests ● Logins are authenticated against the system passwd and shadow files. ● Documents root is /usr/local/cpanel/base ● Theme is defined by RS variable in user’s cPanel configuration file. ● Resources are limited by the feature list of assigned to the given user. WHM Requests ————- ● Root password will authenticate any reseller user ● Document root is /usr/local/cpanel/whostmgr/docroot/ ● Reseller resources are limited by Access Control List – Defined in WHM > Resellers > Reseller Center > Edit
– Privileges are stored in /var/cpanel/resellers

cPanel Services

Service Monitoring
● Located at /usr/local/cpanel/libexec/chkservd
● chkservd is a scalable connection and process based service monitoring
● Provides monitoring of CPU, Memory, and Disk usage
● chkservd scans services once every eight minutes
– Logs to /var/log/chkservd.log
● Alerts are dispatched to server contact defined in Basic cPanel/WHM

chkservd Configuration
● Monitored services are determined by values stored in /
– Syntax: servicename:0 for no monitoring, servicename:1 for
● Actions, expected responses, and failure events are defined in
service configuration files stored in /etc/chkserv.d/
● Status files are stored in /var/run/chkservd/
– Plus (+) sign for active, Minus (-) sign for failed

● cpanellogd is responsible for parsing and updating bandwidth logs, and dispatching
statistics generators on each account, per their individual configurations.
● Configured through Statistics Software Configuration and Tweak Settings in WHM
● Statistics are compiled and stored for each account in /home//tmp, with
each respective statistics application being assigned it’s own individual subdirectory.

/home//tmp —-webalizer, analog, awstats, urchin

● Optional server-wide statistics configurations are stored in /
etc/stats.conf, while user-specific configurations may reside in /home/
● Notable Variables in /etc/stats.conf:
– BLACKHOURS: Comma separated list of numeric values, which
specify hours that logs may not be parsed.
– VALIDUSERS:Users which are allowed to supply their own
combination of statistics generators. By default users are
restricted to the generators defined by the administrator.

Calling cpanellogd
● cpanellogd is started with the cPanel service, but can be executed
directly with:
– No Argument: Daemonize, and wait for a suitable time to scan
– One Argument (username): Execute an immediate statistics run
for the specified user, and exit once completed.
● Two scripts are available to provide these functions as well:
– /scripts/runlogsnow – Execute a full log run immediately
– /scripts/runweblogs – Execute a log run for a single

Bandwidth Statistics
● Bandwidth statistics are accumulated from a combination of the
following cPanel managed services:
● Bandwidth data is logged to /usr/local/apache/domlogs/*bytes_log
● Parsed bandwidth data is stored in /var/cpanel/bandwidth

● Bandwidth parsing is taking an exceedingly long time to complete
– First check the size of the logs being parsed. Excessively large
log files can and typically will take a long time to complete.
– Additionally, if RRDtool is not installed, bandwidth parsing
performance will drop signifigantly.
● RRDtool can be installed by executing `/scripts/rrdtoolinstall`

Log Processing
● Statistics are parsed for each child domain of the given account.
● Will be influenced by variables in /var/cpanel/cpanel.config
– Skip statistics generator
● skip
– Logs will be retained or deleted based on
● keeplogs – keep logs at the end of the month.
● dumplogs – dump logs after parsing

Common cpanellogd Issues
● Statistics are stalling, or are taking unreasonable amounts of
– Usually indiates that the server load average is consistently
exceeding the defined load limit.
● Limit is defined as ‘extracpus’ in /var/cpanel/cpanel.config
– Restrictive BLACKHOUR definitions in WHM > Statistics Software
– All other issues should be present in /

cPanel Backups
● Backup configuration is performed in WHM > Backup > Configure
● cPanel backups are performed by /scripts/cpbackup, which is
configured by default to execute at 1:00 AM in the root crontab.
● Backup archives are created using the /scripts/pkgacct utility, and
may be restored using /scripts/restorepkg respectfully.
● Uses CPU resource limits based upon extracpus definition in

Backup Configuration
● Backup script can be configured to operate in daily, weekly, and monthly intervals.
● Each interval is given it’s own respective directory within the backup root.
● Backup intervals are executed when the current time minus the last modification time
of the interval directory is less than or equal to zero.

Three backup methods are available:
● Standard: This method entails archiving the accounts, and storing
them at the specified path/mount point. This is the default method
used by the backup script.
● Incremental: This method uses rsync to incrementally backup user
data. This option will only operate locally, storing the data at the
specified path/mount point.
● Remote: This method transmits account archives to a specified ftp
server. Remote backups are typically more time consuming, and
more error prone when transmitting large accounts.

Common Backup Issues
● Backup intervals are not executed when expected.
– Modification times are incorrect or not functional
– System time is incorrect.
– Backups have not been defined to run on that day.
● Backups stall, or take an exceedingly long time to complete.
– Verify that the transmission rate to remote server is suitable
– Verify that server load average has not exceeded defined
resource limit.

● Can’t call method “login” on an undefined value
This indicates the host or passive setting is not properly
defined for remote backups.
● Unable to login to remote FTP server.
This indicates that either the username and password
were not specified, or are incorrect in the backup configuration.
● Can’t call method “prepare” on an undefined value
The password stored for the root mysql user in /root/.my.cnf is
incorrect. Reset or correct this password, and re-execute the backup

● The eximstats daemon is responsible for harvesting bandwidth
information from exim transactions.
● Continually monitors the exim_mainlog, and stores information in the
eximstats database, including host and sender information, message
size, and transaction times.
● Is started with the cPanel service, but can be called directly at /

● Heavily mysql dependent
– data is stored in the ‘eximstats’ database.
● ‘eximstats’ mysql user password is stored in /var/cpanel/eximstatspass.
– password is generated by /usr/local/cpanel/bin/eximstatspass
● Database can be installed by running /

cPanel Maintenance
● Update configuration
● Update scripts
● Applying updates

● By default, cPanel applies nightly updates at 2:13AM in the root crontab.
● /scripts/upcp dispatches these updates, using the following key
– /scripts/updatenow – synchronize /scripts directory
– /scripts/sysup – updates cPanel managed rpms
– /scripts/rpmup – all other system updates
● Updates are logged to timestamped files in /var/cpanel/updatelogs
● Update configuration is stored in /etc/cpupdate.conf.

● The following variables are available in cpupdate.conf:
– CPANEL = [ manual- ] stable | release | current | edge
This variable controls which update branch is used for
cPanel updates, and controls whether the updates are applied
manually or automatically (Default value: release)
– SYSUP = never (all other values are assumed true)
– RPMUP = never (all other values are assumed true)


● cPanel updates can be called outside of the regularly scheduled cron
time simply by executing /scripts/upcp.
● If cPanel components are missing or corrupted that were not replaced
with the regular cPanel update, they can be replaced by executing /
scripts/upcp –force

Components of upcp
● /scripts/cpanelsync
● /scripts/updatenow
● /scripts/sysup
● /scripts/rpmup

● /scripts/cpanelsync is called upon by /scripts/updatenow and /
● Provides md5sum based synchronization with update servers
● md5sum table is stored in /destination_directory/.cpanelsync
● Accepts three arguments host, remote path, local path :
/scripts/cpanelsync ‘’
‘/cpanelsync/RELEASE/scripts’ ‘/scripts’


Calls cpanelsync to update contents of scripts
directory, which then stores it’s md5sum table
at /scripts/.cpanelsync
● Should only be run from upcp, but can be
executed from command line when ‘–fromupcp’
is passed.
● Is the first update script called upon from /scripts/upcp


● Calls the underlying package manager to apply system package
● The package manager which is used is determined by the presence
– /var/cpanel/useup2date (Redhat)
– /var/cpanel/useyum (CentOS,Fedora)
– /var/cpanel/useapt (Debian)
– /var/cpanel/useswup (Trustix)
– /var/cpanel/userug (SuSE)

cPanel Updates
● After updatenow, sysup, and rpmup complete, cpanelsync is used to
complete the cPanel updates based on md5sum table stored at /
● If any special configurations are required on server after updates,
they can be applied in /scripts/postupcp, which is executed if such a
file exists and is executable.
● Once updates complete, all cPanel services are restarted for changes
to take effect

cPanel Scripts
● Account Management
● Package Management
● Service Update and Configuration
– Exim
– Named
– Apache
● cPanel and System

Account Management Scripts
● /scripts/wwwacct (account creation)
Accounts can be created via the command line using the following
syntax: /scripts/wwwacct username password 0
x n
● /scripts/killacct (account termination)
Takes a single argument of the user to terminate.
● /scripts/suspendacct (account suspension)
Will suspend an account from accessing all cPanel managed
● /scripts/unsuspendacct
Will reinstate any account suspended via suspendacct

● /scripts/addpop (Create pop account)
Handles creation of virtual mail accounts. Accepts either no
arguments, or two arguments consisting of the e-mail address and
● /scripts/updateuserdomains
Updates the user:owner and user:domain tables stored in:
– /etc/userdomains
– /etc/trueuserdomains
– /etc/trueuserowners
– These tables are used to enumerate and keep track of accounts
and their owners.

Package Management
● /scripts/ensurerpm
Takes argument list of rpms, which are then passed to the
underlying package manager
● /scripts/ensurepkg
The equivalent of ensurerpm for FreeBSD. Updates specified
packages from ports.
● /scripts/realperlinstaller
Takes argument list of perl modules to install via CPAN
● Each of the aforementioned scripts can accept an argument of ‘–force’
to force package installations.

● /scripts/mysqlup
Can be called to apply MySQL updates independent of upcp
● /scripts/cleanupmysqlprivs
Will clean up the default MySQL privilege tables, by installing
a more restrictive privilege schema.
● /scripts/mysqlconnectioncheck
Will verify that mysql is accessible with password stored in /root/.my.cnf,
and force a reset with a random 16 character string if inaccessible.
● /scripts/restartsrv_mysql

● /scripts/eximup
Can be called to apply exim updates independent of upcp
● /scripts/buildeximconf
Will rebuild exim.conf, and merge local, distribution, and cPanel
● /scripts/restartsrv_exim

● /scripts/rebuildnamedconf
Rebuild named.conf based on existing zone files
● /scripts/restartsrv_bind

● /scripts/easyapache
Download, extract, and execute apache build script
● /scripts/rebuildhttpdconf
Rebuilds httpd.conf based on DNS entries found in each
cPanel user configuration
● /scripts/restartsrv_httpd

cPanel Scripts
Useful Scripts – cPanel and System
● /scripts/restartsrv_
The majority of cPanel managed service can be scripts named
● /scripts/makecpphp
Will rebuild the PHP interpreter used internally by cpsrvd
● /usr/local/cpanel/bin/checkperlmodules
Will scan for and install any Perl modules required by cPanel.
● /scripts/fullhordereset
Updates horde and resets the horde mysql user password
● /scripts/fixquotas
Will attempt to rebuild quota database per information stored in /

How to Deny IP Address access

There might be an occasion where you would like to deny an IP address. If you would like to deny email being sent from a particular domain or if you would like all connections from your server to deny requests to another server all together. To deny an IP address, please do the following:
1. Click IP Deny Manager
2. To the right of “IP Address or Domain:”, please provide an ip or an array of IP addresses you wish to block
3. Click the Add button

You have just blocked an IP address from connecting to your site.

How to enable/disable hotlink protection

Hot link protection prevents other websites from directly linking to files (as specified below) on your website. Other sites will still be able to link to any file type that you don’t specify below (ie. html files). An example of hot linking would be using a tag to display an image from your site from somewhere else on the net. The end result is that the other site is stealing your bandwidth. You should ensure that all sites that you wish to allow direct links from are in the list below. This system attempts add all sites it knows you own to the list, however you may need to add others. To enable / disable hot link protection, please do the following:

1. Click Hot link Protection
2. Make sure the domain name you wish to protect is in the box below “Urls to Allow Access:
3. In the box to the right of “Extensions to allow” Provide the extensions for which you would like to allow
4. If you check the box to the left of “Allow direct requests“, it will allow direct requests.
5. Click Activate

You have now protected your images from being HOT LINKED