Archive for Mar 23, 2012

cPanel / WHM Explained

cPanel and WHM Details

                   *******Cpanel Explanation In Detail******* 

Cpanel Introduction

Cpanel Important directories.




*Houses only scripts and binaries which provide installation
and configuration of many cPanel managed services

Notable Contents:


CPSRVD -------access_log, error_log


frontend-------x, x2,xmail,monsoon
webmail-------x, monsoon
3rdparty-------squirrelmail, phpPgAdmin, phpMyAdmin


init -----------start | stop cpsrvd AND start | stop AND start | stop cppop
exim----------cf, perl
ftptemplates ---proftpd
httptemplates --apache1--default, ssldefault
zonetemplates--simple, standard, standardvirtualftp

bin------php, stunnel, analog, awstats, webalizer
etc------php.ini, ixed, ioncube

Houses proprietary configuration data for cPanel, including:
● Primary cPanel configuration
● User configurations
● Reseller configurations
● Accounting, conversion, and update logs
● Bandwidth data
● Customized service templates


updatelogs--bandwidth--zone templates

● The primary cPanel configuration file
● Each variable within influences the way cPanel behaves
● Variables are line delimited, with variables separated by an equal sign
● If file does not exist, cpanel falls back to defaults


Lists each reseller with a comma-delimited list of WHM
resources that reseller has access to.

Contains a list of accounting functions performed through
WHM, including account removal and creation.

● Files contain a list of the bandwidth history for each account.
Each named after their respective user.
● History files are stored in human-readable format, while actual
bandwidth data are stored in round robin databases.


● File name is inherited from the feature list name
● Contains a line delimited list of feature variables and a zero or
one value
● Variables control what cPanel resources are available to users


● Contains a list of packages, named after the packages they represent
● If package belongs to reseller, file name is prefixed with reseller name
● Each of these values determines the values created in cPanel user file


● Contains a list of cPanel user configuration files, named after the user
they pertain to.
● Variables define account resources, themes, domains, etc.

Other notable /var/cpanel directories

– This directory contains logs from account copies/transfers.
Training Seminar 2006
– Contains the output of each cPanel update executed on the server.
– Named after the respective reseller users they represent, each
contains only the IP address which should be used as that
resellersmain shared ip
– Contains customized DNS zone templates created inWHM


This directory houses a large number of scripts which serve
as building blocks for many cPanel/WHM features.
The scripts can be used to:
● Update cPanel, and many of the services of which it
● Customize account creation routines
● Perform backups of cPanel accounts
● Install and update cPanel managed services

cPanel Services



● cpsrvd is the 'master' process for cPanel.
● Handles and dispatches all requests made through the cPanel,
WHM, and Webmail interfaces.
● Logs to access_log and error_log

cpsrvd and stunnel relationship


SSL Certificates

● Default certificate and key are stored in /
● User installed cert and cabundle are stored in:
– /usr/local/cpanel/etc/mycpanel.pem
– /usr/local/cpanel/etc/mycpanel.cabundle

cPanel Startup

● The following services are controlled by the cPanel
init script
– cpsrvd, both plain and secure
– cPanel POP Services
– cPanel Log Services
– Eximstats
– Chat Services
– Mailman
– Interchange

● Verify if ports are in use
– netstat -lnp | egrep '20(8|9)'

Troubleshooting Startup Issues(SSL)

● If SSL services are not available
– execute /usr/local/cpanel/startstunnel
– check /usr/local/cpanel/3rdparty/bin/stunnel.log
● If cpsrvd is not available
– execute it directly `/usr/local/cpanel/cpsrvd`
– check /usr/local/cpanel/logs/error_log


● License requests are handled by /usr/local/cpanel/cpkeyclt
● Requests are transmitted to over port 2089
● License requests are logged to license_log
● License key is stored at /usr/local/cpanel/cpanel.lisc

A valid license request:
root@server [~]# /
Updating Internal cPanel
root@server [~]#

Troubleshooting License Issues

● Verify if license is active for main server IP at
● Check if server can establish connection to over port 2089
● If the previous steps fail, check license_log for notable errors.
● If license is active, but refused with no notable errors, lodge support request.

root@server [~]# telnet 2089
Connected to (
Escape character is '^]'.
200 cPanel License Service Version 12.0
root@server [~]#

cPanel Requests

cPanel Requests
● Logins are authenticated against the system passwd and shadow files.
● Documents root is /usr/local/cpanel/base
● Theme is defined by RS variable in user's cPanel configuration file.
● Resources are limited by the feature list of assigned to the given user.

WHM Requests

WHM Requests
● Root password will authenticate any reseller user
● Document root is /usr/local/cpanel/whostmgr/docroot/
● Reseller resources are limited by Access Control List
– Defined in WHM > Resellers > Reseller Center > Edit
– Privileges are stored in /var/cpanel/resellers

cPanel Services


Service Monitoring
● Located at /usr/local/cpanel/libexec/chkservd
● chkservd is a scalable connection and process based service monitoring
● Provides monitoring of CPU, Memory, and Disk usage
● chkservd scans services once every eight minutes
– Logs to /var/log/chkservd.log
● Alerts are dispatched to server contact defined in Basic cPanel/WHM

chkservd Configuration

● Monitored services are determined by values stored in /
– Syntax: servicename:0 for no monitoring, servicename:1 for
● Actions, expected responses, and failure events are defined in
service configuration files stored in /etc/chkserv.d/{servicename}
● Status files are stored in /var/run/chkservd/{servicename}
– Plus (+) sign for active, Minus (-) sign for failed


● cpanellogd is responsible for parsing and updating bandwidth logs, and dispatching
statistics generators on each account, per their individual configurations.
● Configured through Statistics Software Configuration and Tweak Settings in WHM
● Statistics are compiled and stored for each account in /home/{username}/tmp, with
each respective statistics application being assigned it's own individual subdirectory.

/home/{username}/tmp ----webalizer, analog, awstats, urchin

● Optional server-wide statistics configurations are stored in /
etc/stats.conf, while user-specific configurations may reside in /home/
● Notable Variables in /etc/stats.conf:
– BLACKHOURS: Comma separated list of numeric values, which
specify hours that logs may not be parsed.
– VALIDUSERS:Users which are allowed to supply their own
combination of statistics generators. By default users are
restricted to the generators defined by the administrator.

Calling cpanellogd

● cpanellogd is started with the cPanel service, but can be executed
directly with:
– No Argument: Daemonize, and wait for a suitable time to scan
– One Argument (username): Execute an immediate statistics run
for the specified user, and exit once completed.
● Two scripts are available to provide these functions as well:
– /scripts/runlogsnow - Execute a full log run immediately
– /scripts/runweblogs {username} - Execute a log run for a single

Bandwidth Statistics

● Bandwidth statistics are accumulated from a combination of the
following cPanel managed services:
● Bandwidth data is logged to /usr/local/apache/domlogs/*bytes_log
● Parsed bandwidth data is stored in /var/cpanel/bandwidth

● Bandwidth parsing is taking an exceedingly long time to complete
– First check the size of the logs being parsed. Excessively large
log files can and typically will take a long time to complete.
– Additionally, if RRDtool is not installed, bandwidth parsing
performance will drop signifigantly.
● RRDtool can be installed by executing `/scripts/rrdtoolinstall`

Log Processing

● Statistics are parsed for each child domain of the given account.
● Will be influenced by variables in /var/cpanel/cpanel.config
– Skip statistics generator
● skip{generator_name}
– Logs will be retained or deleted based on
● keeplogs – keep logs at the end of the month.
● dumplogs – dump logs after parsing

Common cpanellogd Issues

● Statistics are stalling, or are taking unreasonable amounts of
– Usually indiates that the server load average is consistently
exceeding the defined load limit.
● Limit is defined as 'extracpus' in /var/cpanel/cpanel.config
– Restrictive BLACKHOUR definitions in WHM > Statistics Software
– All other issues should be present in /

cPanel Backups

● Backup configuration is performed in WHM > Backup > Configure
● cPanel backups are performed by /scripts/cpbackup, which is
configured by default to execute at 1:00 AM in the root crontab.
● Backup archives are created using the /scripts/pkgacct utility, and
may be restored using /scripts/restorepkg respectfully.
● Uses CPU resource limits based upon extracpus definition in

Backup Configuration

● Backup script can be configured to operate in daily, weekly, and monthly intervals.
● Each interval is given it's own respective directory within the backup root.
● Backup intervals are executed when the current time minus the last modification time
of the interval directory is less than or equal to zero.

Three backup methods are available:
● Standard: This method entails archiving the accounts, and storing
them at the specified path/mount point. This is the default method
used by the backup script.
● Incremental: This method uses rsync to incrementally backup user
data. This option will only operate locally, storing the data at the
specified path/mount point.
● Remote: This method transmits account archives to a specified ftp
server. Remote backups are typically more time consuming, and
more error prone when transmitting large accounts.

Common Backup Issues

● Backup intervals are not executed when expected.
– Modification times are incorrect or not functional
– System time is incorrect.
– Backups have not been defined to run on that day.
● Backups stall, or take an exceedingly long time to complete.
– Verify that the transmission rate to remote server is suitable
– Verify that server load average has not exceeded defined
resource limit.

● Can't call method "login" on an undefined value
This indicates the host or passive setting is not properly
defined for remote backups.
● Unable to login to remote FTP server.
This indicates that either the username and password
were not specified, or are incorrect in the backup configuration.
● Can't call method "prepare" on an undefined value
The password stored for the root mysql user in /root/.my.cnf is
incorrect. Reset or correct this password, and re-execute the backup


● The eximstats daemon is responsible for harvesting bandwidth
information from exim transactions.
● Continually monitors the exim_mainlog, and stores information in the
eximstats database, including host and sender information, message
size, and transaction times.
● Is started with the cPanel service, but can be called directly at /

● Heavily mysql dependent
– data is stored in the 'eximstats' database.
● 'eximstats' mysql user password is stored in /var/cpanel/eximstatspass.
– password is generated by /usr/local/cpanel/bin/eximstatspass
● Database can be installed by running /

cPanel Maintenance
● Update configuration
● Update scripts
● Applying updates

● By default, cPanel applies nightly updates at 2:13AM in the root crontab.
● /scripts/upcp dispatches these updates, using the following key
– /scripts/updatenow - synchronize /scripts directory
– /scripts/sysup - updates cPanel managed rpms
– /scripts/rpmup - all other system updates
● Updates are logged to timestamped files in /var/cpanel/updatelogs
● Update configuration is stored in /etc/cpupdate.conf.


● The following variables are available in cpupdate.conf:
– CPANEL = [ manual- ] stable | release | current | edge
This variable controls which update branch is used for
cPanel updates, and controls whether the updates are applied
manually or automatically (Default value: release)
– SYSUP = never (all other values are assumed true)
– RPMUP = never (all other values are assumed true)


● cPanel updates can be called outside of the regularly scheduled cron
time simply by executing /scripts/upcp.
● If cPanel components are missing or corrupted that were not replaced
with the regular cPanel update, they can be replaced by executing /
scripts/upcp –force

Components of upcp

● /scripts/cpanelsync
● /scripts/updatenow
● /scripts/sysup
● /scripts/rpmup

● /scripts/cpanelsync is called upon by /scripts/updatenow and /
● Provides md5sum based synchronization with update servers
● md5sum table is stored in /destination_directory/.cpanelsync
● Accepts three arguments host, remote path, local path :
/scripts/cpanelsync ''
'/cpanelsync/RELEASE/scripts' '/scripts'


Calls cpanelsync to update contents of scripts
directory, which then stores it's md5sum table
at /scripts/.cpanelsync
● Should only be run from upcp, but can be
executed from command line when '--fromupcp'
is passed.
● Is the first update script called upon from /scripts/upcp



● Calls the underlying package manager to apply system package
● The package manager which is used is determined by the presence
– /var/cpanel/useup2date (Redhat)
– /var/cpanel/useyum (CentOS,Fedora)
– /var/cpanel/useapt (Debian)
– /var/cpanel/useswup (Trustix)
– /var/cpanel/userug (SuSE)

cPanel Updates

● After updatenow, sysup, and rpmup complete, cpanelsync is used to
complete the cPanel updates based on md5sum table stored at /
● If any special configurations are required on server after updates,
they can be applied in /scripts/postupcp, which is executed if such a
file exists and is executable.
● Once updates complete, all cPanel services are restarted for changes
to take effect

cPanel Scripts

● Account Management
● Package Management
● Service Update and Configuration
– Exim
– Named
– Apache
● cPanel and System

Account Management Scripts

● /scripts/wwwacct (account creation)
Accounts can be created via the command line using the following
syntax: /scripts/wwwacct username password 0
x n
● /scripts/killacct (account termination)
Takes a single argument of the user to terminate.
● /scripts/suspendacct (account suspension)
Will suspend an account from accessing all cPanel managed
● /scripts/unsuspendacct
Will reinstate any account suspended via suspendacct

● /scripts/addpop (Create pop account)
Handles creation of virtual mail accounts. Accepts either no
arguments, or two arguments consisting of the e-mail address and
● /scripts/updateuserdomains
Updates the user:owner and user:domain tables stored in:
– /etc/userdomains
– /etc/trueuserdomains
– /etc/trueuserowners
– These tables are used to enumerate and keep track of accounts
and their owners.

Package Management

● /scripts/ensurerpm
Takes argument list of rpms, which are then passed to the
underlying package manager
● /scripts/ensurepkg
The equivalent of ensurerpm for FreeBSD. Updates specified
packages from ports.
● /scripts/realperlinstaller
Takes argument list of perl modules to install via CPAN
● Each of the aforementioned scripts can accept an argument of '--force'
to force package installations.

● /scripts/mysqlup
Can be called to apply MySQL updates independent of upcp
● /scripts/cleanupmysqlprivs
Will clean up the default MySQL privilege tables, by installing
a more restrictive privilege schema.
● /scripts/mysqlconnectioncheck
Will verify that mysql is accessible with password stored in /root/.my.cnf,
and force a reset with a random 16 character string if inaccessible.
● /scripts/restartsrv_mysql

● /scripts/eximup
Can be called to apply exim updates independent of upcp
● /scripts/buildeximconf
Will rebuild exim.conf, and merge local, distribution, and cPanel
● /scripts/restartsrv_exim

● /scripts/rebuildnamedconf
Rebuild named.conf based on existing zone files
● /scripts/restartsrv_bind

● /scripts/easyapache
Download, extract, and execute apache build script
● /scripts/rebuildhttpdconf
Rebuilds httpd.conf based on DNS entries found in each
cPanel user configuration
● /scripts/restartsrv_httpd

cPanel Scripts

Useful Scripts – cPanel and System
● /scripts/restartsrv_{servicename}
The majority of cPanel managed service can be scripts named
● /scripts/makecpphp
Will rebuild the PHP interpreter used internally by cpsrvd
● /usr/local/cpanel/bin/checkperlmodules
Will scan for and install any Perl modules required by cPanel.
● /scripts/fullhordereset
Updates horde and resets the horde mysql user password
● /scripts/fixquotas
Will attempt to rebuild quota database per information stored in /