Skip to content

LSMCD Secure User Data CloudLinux/cPanel Interface

This facility provides a user interface for those CloudLinux/cPanel users using LSMCD configured with SASL and User-Level security.

This interface is intended for cPanel end-users. This panel lets a user change their own password, create the user if it does not exist in the LSMCD SASL environment, and see statistics for their specific data in their user-managed LSMCD space.

Easy Install

The Easy Install does three things:

  • compiles and installs LSMCD
  • installs the LSCMD cPanel plugin
  • creates SASL users for all existing cPanel users on the system

Tip

The SASL passwords that are created for the users are not their cPanel passwords, but instead are randomly generated. Users must follow the Use instructions below if they wish to change these passwords.

To perform the Easy Install, you must be running on the system as root.

Download the Software

The easiest way to download the software is to clone LiteSpeed's LSMCD git repository. This is done from a root command prompt, after changing to a directory where the software can be stored (/tmp is often used), like so:

cd /tmp
git clone https://github.com/litespeedtech/lsmcd.git

Install the Software

To install the software you will need to change to the directory where the installation script is stored and execute the script:

cd lsmcd
./lsmcd_cpanel.sh

The script will determine if LSMCD has been installed, and then install it if it's not found.

Installation should run without errors, but any significant ones will be displayed on the screen.

If you see missing dependencies, particularly concerning Perl and Git, check your /etc/yum.conf file. You must not have perl* in the exclude list. If it's there, temporarily remove it and try the install script again.

Note

If you wish to uninstall LSMCD, you can use the ./uninstall.sh script, found in the same directory.

Use

Since SASL is an independent security system from cPanel's, all LSMCD's users need to be added to SASL. To make that easier, the installation script will prime the SASL database system with the existing cPanel users and a random password for each. Each user must then change their password via the
Change Password button.

Similarly, new cPanel users can take advantage of the Change Password button to add their user and a new password.

Once the software is installed, cPanel users will see a new option in their Advanced group:

Users may select the new option to be brought to the main menu:

This screen has 3 groups of data:

  1. Who you are:
    1. User to be used for LSMCD (the logged on user)
    2. LSMCD server address extracted from /usr/local/lsmcd/conf/node.conf. Can be an IP address/port or UDS (Unix Domain Socket).
    3. Whether SASL security is enabled (the setting of Cached.UseSasl in node.conf)
    4. Whether User Level Security is enabled (the setting of Cached.DataByUser in node.conf).
  2. A button to change the password. Will only be enabled if SASL and User Level Security is enabled.
  3. A button to display stats. If user level security is enabled, the stats will be only for the user. If no security is enabled, the stats are system wide. Otherwise the button is disabled.

Change Password

The Change Password button will only be enabled if both SASL and user-level security is enabled. This facility is provided as access to a command prompt for running saslpasswd2, which is not available to regular users. Regular users need the ability to keep the SASL password consistent with company policy. Press the button to enter the Change Password screen.

As is common with password change facilities, the new password must be entered twice and must match. Other than requiring a password, no additional password restrictions are placed on the password. When the user enters the new password in both text boxes and presses Change Password, the saslpasswd2 program is run and it is up to that program to validate the new password with system restrictions.

If there are errors, they are displayed in this screen and the user can fix the problem and try again. If the password change is successful, that fact is displayed and the text of the button is changed to Ok. When the user presses the button, the main window is redisplayed.

Display Stats

To display the Memcached statistics for the user (or the system as a whole if security is disabled), the user can press the Display Stats button.

Stats are displayed in the format below, the format determined by LSMCD, and are basically identical to those available from Memcached. The primary difference is that LSMCD stats only reflect activity for those transactions done by the user validated by SASL and LSMCD.

Use the browser Back button to return to the main window.


Last update: June 2, 2022