Reseller based wordpress configure permissions for all accounts

[mobcdi]

I have a reseller account with wordpress install files in the skeleton directory so new accounts can configure their own wp install.

I've encountered a problem with permissions to folders when users try to install themes via wp and I need to solve it for all accounts without having to delete the accounts.

I have suPHP selected as part of my apache build but really need to get help from a cPanel expert who just happens to be a wordpress wizz as well with a love of permissions

Anyone able to help me out find out what permissions my accounts have while running, what ones they are missing and how I can apply those permissions to all accounts (current & future)

[mobcdi]

I would like to avoid having users enter ftp account details but still keep wp as secure as possible.

Is there a way by logging into the server vto see what permissions each user account has to the folders and which account apache is running under because i don't think Apache is actually running under cPanel accounts

[cPanelDon]

If root access is available, then it would be possible to login using SSH access to examine and inspect each account with precision.

Apache typically runs as the system user "nobody" -- Apache itself does not run as the user of each cPanel account.

If using SuPHP as the primary PHP handler, then PHP runs as the user defined within each domain's virtual host, that is, where PHP scripts are executed as the unique user of each cPanel account.

[mobcdi]

So if I understand correctly the account nobody is trying to create the files/folders but only the cPanel account has permission to write files folders to that location.


If that is true then I need to give "nobody" permission to the folders that apache should be able to write to??

Is there a quick way to do this if I have the list of accounts?

And also is there a way to have cpanel to do it when it creates a new account?

[cPanelDon]

If using SuPHP, when a PHP script attempts to create a new file (e.g., a file or directory for caching content), the file/directory will be created using the user's UID and GID, not that of "nobody".

When using SuPHP it should not be necessary to modify ownership or permissions to explicitly allow user "nobody" write access; I am wondering if this is the current case, if there may be some additional detail that may help in diagnosing the issue.

The initial problem of permissions difficulty (e.g., when uploading via the script) sounds relatively straight-forward; so that we can have a better idea what circumstances are involved would you be able to expand in detail about any errors or log detail displayed and the current directory/file permissions being used?

If possible, please also provide the output from the following two commands (via root SSH access):

Code:

# cat /usr/local/cpanel/version && echo
# /usr/local/cpanel/bin/rebuild_phpconf --current

The above will show your full cPanel version number and the current PHP handler (e.g., if it's set to DSO, SuPHP, CGI, etc.) including the status of SuExec.

[mobcdi]

My cpanel verison is listed as 11.24.5-RELEASE_38506 and the output of the other command is
Available handlers: suphp dso cgi none
Default PHP : 5
PHP4 SAPI: none
PHP5 SAPI: dso
SUEXEX: enabled


Does that mean to say that php5 isn't actually running under suphp as I first thought? and is it just a matter of switching it over from dso to suphp in Main >> Service Configuration >> Apache Configuration or should I really rebuild apache the configuration?

[cPanelDon]

My cpanel verison is listed as 11.24.5-RELEASE_38506 and the output of the other command is
Available handlers: suphp dso cgi none
Default PHP : 5
PHP4 SAPI: none
PHP5 SAPI: dso
SUEXEX: enabled

Does that mean to say that php5 isn't actually running under suphp as I first thought? and is it just a matter of switching it over from dso to suphp in Main >> Service Configuration >> Apache Configuration or should I really rebuild apache the configuration?

Yes; that is correct. While SuPHP support is compiled-in and available to use, the current configuration is not yet switched to utilize SuPHP.

The SuPHP configuration may be switched via WHM via the same menu path as you described:
WHM: Main >> Service Configuration >> Apache Configuration >> PHP and SuExec Configuration

It is also possible to switch via SSH using the same script that shows the current configuration, in a format as described from it help/usage output:

Code:

# /usr/local/cpanel/bin/rebuild_phpconf
Usage: /usr/local/cpanel/bin/rebuild_phpconf [--dryrun] [--no-restart] [--no-htaccess] [--current|--available] <Default PHP> <PHP4 Handler> <PHP5 Handler> <Suexec>
 --dryrun       : Only display the changes that would be made
 --no-restart   : Don't restart Apache after updating the php.conf link
 --no-htaccess  : Don't update user configurable PHP mime mapping.
 --current      : Show current settings
 --available    : Show available handlers and PHP SAPIs
 <Default PHP>  : Version of PHP to set as default handler for .php files
 <PHP# Handler> : Type of Apache module to use in serving PHP requests
 <Suexec>       : enabled, disabled, 1 or 0

If PHP4 is not available, and if you wanted PHP 5 to be the default, using SuPHP, with SuExec, you could use a command like the following to accomplish the same change (to SuPHP) as would be done via WHM:

Code:

# /usr/local/cpanel/bin/rebuild_phpconf 5 none suphp 1

To see which versions of PHP are available, you could use the following ("--available"), similar to using the "--current" CLI switch.

Code:

# /usr/local/cpanel/bin/rebuild_phpconf --available

[mobcdi]

If I change php5 to use suPHP would that setting carry through any apache updates/ software updates or would I need to change it after every update

[cPanelDon]

If I change php5 to use suPHP would that setting carry through any apache updates/ software updates or would I need to change it after every update

The setting is normally a one-time occurrence, and it should remain the same assuming the necessary options are still enabled in future customized EasyApache builds. For example, to keep SuPHP, you'll want to ensure that both SuPHP and "CGI" remain selected.

[f-robin]

Hi,

We have the same problem here, but when running the command line script to see what services are running we get:

Available handlers: dso cgi none
DEFAULT PHP: 5
PHP4 SAPI: none
PHP5 SAPI: dso
SUEXEC: enabled
root@dev-ccuwp2sat [~]# cat /usr/local/cpanel/version && echo
11.25.0-RELEASE_43473

Note that there is no suPHP listed for an available handler

Help!?

[cPanelDavidG]

Hi,

We have the same problem here, but when running the command line script to see what services are running we get:

Available handlers: dso cgi none
DEFAULT PHP: 5
PHP4 SAPI: none
PHP5 SAPI: dso
SUEXEC: enabled
root@dev-ccuwp2sat [~]# cat /usr/local/cpanel/version && echo
11.25.0-RELEASE_43473

Note that there is no suPHP listed for an available handler

Help!?

SuPHP will only be shown when SuPHP is installed. While SuPHP is installed on new cPanel/WHM installations by default, older installations will not have SuPHP installed.

To Install SuPHP, select the option for SuPHP in Step 5 of EasyApache.