The Community Forums


apache + nginx + open_basedir

Discussion in 'Security' started by activa, Apr 10, 2012.

  1. activa

    activa Well-Known Member

    I have Apache v2.2 and the latest version of nginx.

    I have made a security test and I have found the following:

    We have the following synopsis:

    PHP:
    [root@server4 www]# ls -alh
    total 144K
    drwxr-x---  6 usertest nobody   4.0K Apr 10 20:09 .
    drwx--x--x 13 usertest usertest 4.0K Apr  7 02:16 ..
    -rw-r--r--  1 usertest usertest  184 Apr  6 21:29 .htaccess
    lrwxrwxrwx  1 usertest usertest   38 Apr  6 22:48 im1.txt -> /home/anotheruser/public_html/config.php
    -rw-r--r--  1 usertest usertest    3 May  3  2011 index.html

    When I try to read the symlink from a web browser, I get a forbidden message in Apache without nginx.

    When I install nginx, I can read the other user's file without any problem!!!

    Any fix for this?
     
  2. activa

    activa Well-Known Member

    I don't think it is an Apache or PHP open_basedir problem; I have tested a PHP script that tries to read another public_directory, and the permission error is shown.

    This is an nginx problem, as it handles the txt file extension directly.

    Now, how can I set nginx to prevent reading other users' files?
     
  3. activa

    activa Well-Known Member

    It is an nginx bug; it has been fixed from v1.1.16, and this line should be added to the conf file:

    disable_symlinks if_not_owner;

    Upgrading from nginx 1.0.14 to 1.1.18 has resolved the issue.
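
An audit for the condition that `disable_symlinks if_not_owner;` enforces, as an added example that is not part of the original posts: it walks a document root and reports symlinks whose target is owned by a different user than the link itself. The function names, the simulated UIDs 1001/1002 and the temporary directory layout are assumptions constructed for illustration.

```python
import os
import tempfile
from collections import namedtuple

Finding = namedtuple("Finding", "link target link_uid target_uid")
UidOnly = namedtuple("UidOnly", "st_uid")  # minimal stat stand-in for the demo

def find_foreign_symlinks(docroot, lstat=os.lstat, stat=os.stat):
    """Return symlinks under docroot whose target has a different owner.

    lstat/stat are injectable so the check can be exercised without root.
    """
    findings = []
    for dirpath, dirnames, filenames in os.walk(docroot, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            link_uid = lstat(path).st_uid      # owner of the link itself
            try:
                target_uid = stat(path).st_uid  # owner of what it points to
            except FileNotFoundError:
                continue                        # dangling link, nothing to serve
            except OSError:
                target_uid = None               # target not inspectable: report it
            if link_uid != target_uid:
                findings.append(Finding(path, os.path.realpath(path),
                                        link_uid, target_uid))
    return findings

def demo():
    """Constructed layout mirroring the listing above; ownership is simulated."""
    with tempfile.TemporaryDirectory() as root:
        root = os.path.realpath(root)
        www = os.path.join(root, "usertest", "www")
        other = os.path.join(root, "anotheruser", "public_html")
        os.makedirs(www)
        os.makedirs(other)
        target = os.path.join(other, "config.php")
        open(target, "w").close()
        open(os.path.join(www, "index.html"), "w").close()
        os.symlink(target, os.path.join(www, "im1.txt"))
        os.symlink(os.path.join(www, "index.html"), os.path.join(www, "own.txt"))
        fake_stat = lambda p: UidOnly(1002 if os.path.realpath(p) == target else 1001)
        found = find_foreign_symlinks(www, lstat=lambda p: UidOnly(1001), stat=fake_stat)
        return [(os.path.basename(f.link), f.link_uid, f.target_uid) for f in found]

if __name__ == "__main__":
    print(demo())
```

Run as root against a real document root, the default `os.lstat`/`os.stat` are used and every reported link is one that nginx would refuse to serve once `if_not_owner` is in effect.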
     
  4. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Hello,

    Of note, posting questions about security issues with nginx on the cPanel forum is likely not the best location. nginx isn't supported by cPanel currently. While there might be a large number of people using nginx with cPanel, there is no method of support for it on this forum for that reason. Whoever provided the version of nginx being used would be the best location for support. Hopefully, they have a forum going forward that could be used for these questions.

    Thanks!
     
  5. activa

    activa Well-Known Member

    Yes, it is not a cPanel issue, but I know a lot of people are using nginx with cPanel and there are a lot of requests for it: http://forums.cpanel.net/f145/nginx-accelerating-apache-case-41719-a-134209.html .

    So at first I wanted to ask others for help; afterwards I posted a solution to share with others in case someone has the same case.
     
  6. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Had you likewise posted on the nginx forums asking? The people who provide whichever plugin you have are going to be the experts for nginx. Just because people use it with cPanel doesn't make this the best location to post about nginx. This is the second post recently about nginx that would most definitely have been better served to be posted on the nginx plugin forum.

    Certainly, it's great you solved the issue and provided the details on how you solved it. Thanks for doing that part (the follow-up on how it was resolved).
     