The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Blocking 766 Permissions?

Discussion in 'Security' started by Ynhockey, May 17, 2016.

  1. Ynhockey

    Ynhockey Registered

    Joined:
    Jan 18, 2016
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Israel
    cPanel Access Level:
    Root Administrator
    I have a web app that creates new directories with 766 permissions. It appears that something (very likely cPanel, because it also blocks 777) blocks direct access to files in such directories, whereas 755 works.

    I'd like to make sure that it's indeed cPanel, and also: is this intentional? Is there a configuration option to specifically allow 766, and if so, how dangerous would this be?
     
  2. dalem

    dalem Well-Known Member
    PartnerNOC

    Joined:
    Oct 24, 2003
    Messages:
    2,577
    Likes Received:
    40
    Trophy Points:
    48
    Location:
    SLC
    cPanel Access Level:
    DataCenter Provider
    cpanel does not set your file permissions or block them

    its likely you have SUPHP enabled in Apache
     
  3. Ynhockey

    Ynhockey Registered

    Joined:
    Jan 18, 2016
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Israel
    cPanel Access Level:
    Root Administrator
    Thanks for your answer. I looked for info about whether/how/why SuPHP blocks direct access to these files and whether I can configure either PHP or Apache (more likely) to allow access at least in some way. Unfortunately the search comes up blank, although there are resources confirming what you said (that it has to do with SuPHP).

    Going directly to the SuPHP docs, I found these:
    allow_file_others_writeable,
    allow_directoy_others_writeable

    Which seem to address my question. However, I am not quite clear on the best to configure SuPHP under cPanel/WHM. Can I do it manually and the settings will stay? Or will they be overwritten next time EA is run or Apache reconfigured? Is there documentation for this in cPanel/WHM?
     
  4. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    940
    Likes Received:
    55
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    Generally SuPHP denies folder perms above 755 and file perms above 644. I do not advise changing this. If your 'umask' is set properly (normally 0022) then it may be an issue with the app.

    If you legitimately cannot get the app to make the folders with 755 like it should, the options for SuPHP are in /opt/suphp/etc/suphp.conf

    The options that would concern you are:
    allow_directory_group_writeable=false
    allow_directory_others_writeable=false

    You could also try fcgi with suexec instead of SuPHP... it may not fix your problem but it's a bit faster/more efficient than SuPHP.
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,762
    Likes Received:
    662
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    Is there a particular reason your application needs to create directories with those permissions? Do you notice any specific error messages with directories created with 0755 permissions?

    Thank you.
     
Loading...

Share This Page