Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Blocking 766 Permissions?

Discussion in 'Security' started by Ynhockey, May 17, 2016.

  1. Ynhockey

    Ynhockey Registered

    Joined:
    Jan 18, 2016
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Israel
    cPanel Access Level:
    Root Administrator
    I have a web app that creates new directories with 766 permissions. It appears that something (very likely cPanel, because it also blocks 777) blocks direct access to files in such directories, whereas 755 works.

    I'd like to make sure that it's indeed cPanel, and also: is this intentional? Is there a configuration option to specifically allow 766, and if so, how dangerous would this be?
     
    #1 Ynhockey, May 17, 2016
  2. dalem

    dalem Well-Known Member
    PartnerNOC

    Joined:
    Oct 24, 2003
    Messages:
    2,756
    Likes Received:
    87
    Trophy Points:
    353
    Location:
    SLC
    cPanel Access Level:
    DataCenter Provider
    cpanel does not set your file permissions or block them

    its likely you have SUPHP enabled in Apache
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 dalem, May 17, 2016
  3. Ynhockey

    Ynhockey Registered

    Joined:
    Jan 18, 2016
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Israel
    cPanel Access Level:
    Root Administrator
    Thanks for your answer. I looked for info about whether/how/why SuPHP blocks direct access to these files and whether I can configure either PHP or Apache (more likely) to allow access at least in some way. Unfortunately the search comes up blank, although there are resources confirming what you said (that it has to do with SuPHP).

    Going directly to the SuPHP docs, I found these:
    allow_file_others_writeable,
    allow_directoy_others_writeable

    Which seem to address my question. However, I am not quite clear on the best to configure SuPHP under cPanel/WHM. Can I do it manually and the settings will stay? Or will they be overwritten next time EA is run or Apache reconfigured? Is there documentation for this in cPanel/WHM?
     
    #3 Ynhockey, May 18, 2016
  4. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    1,011
    Likes Received:
    89
    Trophy Points:
    78
    cPanel Access Level:
    DataCenter Provider
    Generally SuPHP denies folder perms above 755 and file perms above 644. I do not advise changing this. If your 'umask' is set properly (normally 0022) then it may be an issue with the app.

    If you legitimately cannot get the app to make the folders with 755 like it should, the options for SuPHP are in /opt/suphp/etc/suphp.conf

    The options that would concern you are:
    allow_directory_group_writeable=false
    allow_directory_others_writeable=false

    You could also try fcgi with suexec instead of SuPHP... it may not fix your problem but it's a bit faster/more efficient than SuPHP.
     
    #4 quizknows, May 18, 2016
  5. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,230
    Likes Received:
    1,938
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    Is there a particular reason your application needs to create directories with those permissions? Do you notice any specific error messages with directories created with 0755 permissions?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #5 cPanelMichael, May 30, 2016
(You must log in or sign up to post here.)
Loading...
Similar Threads - Blocking Permissions
  1. sting01

    Blocking email with Exim4 using the IP

    sting01, Oct 19, 2018, in forum: E-mail Discussion
    Replies:
    2
    Views:
    119
    cPanelLauren
    Oct 23, 2018
  2. Mr_Roboto

    Blocking email and trace route

    Mr_Roboto, Oct 17, 2018, in forum: E-mail Discussion
    Replies:
    1
    Views:
    92
    cPanelLauren
    Oct 22, 2018
  3. Hays Sleiman

    SOLVED CSF Blocking Google DNS + dig Command

    Hays Sleiman, Sep 5, 2018, in forum: Bind/DNS/Nameserver
    Replies:
    7
    Views:
    231
    cPanelLauren
    Sep 7, 2018
  4. Znuff

    Same-domain impersonation increases deferred count, triggering domain-wide blocking

    Znuff, Aug 13, 2018, in forum: E-mail Discussion
    Replies:
    3
    Views:
    186
    cPanelLauren
    Aug 16, 2018
  5. Vipin Haridas

    SpamAssassin not blocking emails with invalid SPF?

    Vipin Haridas, Aug 10, 2018, in forum: E-mail Discussion
    Replies:
    1
    Views:
    252
    cPanelLauren
    Aug 13, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice