The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Blocking 766 Permissions?

Discussion in 'Security' started by Ynhockey, May 17, 2016.

  1. Ynhockey

    Ynhockey Registered

    Joined:
    Jan 18, 2016
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Israel
    cPanel Access Level:
    Root Administrator
    I have a web app that creates new directories with 766 permissions. It appears that something (very likely cPanel, because it also blocks 777) blocks direct access to files in such directories, whereas 755 works.

    I'd like to make sure that it's indeed cPanel, and also: is this intentional? Is there a configuration option to specifically allow 766, and if so, how dangerous would this be?
     
    #1 Ynhockey, May 17, 2016
  2. dalem

    dalem Well-Known Member
    PartnerNOC

    Joined:
    Oct 24, 2003
    Messages:
    2,602
    Likes Received:
    51
    Trophy Points:
    203
    Location:
    SLC
    cPanel Access Level:
    DataCenter Provider
    cpanel does not set your file permissions or block them

    its likely you have SUPHP enabled in Apache
     
    #2 dalem, May 17, 2016
  3. Ynhockey

    Ynhockey Registered

    Joined:
    Jan 18, 2016
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Israel
    cPanel Access Level:
    Root Administrator
    Thanks for your answer. I looked for info about whether/how/why SuPHP blocks direct access to these files and whether I can configure either PHP or Apache (more likely) to allow access at least in some way. Unfortunately the search comes up blank, although there are resources confirming what you said (that it has to do with SuPHP).

    Going directly to the SuPHP docs, I found these:
    allow_file_others_writeable,
    allow_directoy_others_writeable

    Which seem to address my question. However, I am not quite clear on the best to configure SuPHP under cPanel/WHM. Can I do it manually and the settings will stay? Or will they be overwritten next time EA is run or Apache reconfigured? Is there documentation for this in cPanel/WHM?
     
    #3 Ynhockey, May 18, 2016
  4. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    982
    Likes Received:
    75
    Trophy Points:
    78
    cPanel Access Level:
    DataCenter Provider
    Generally SuPHP denies folder perms above 755 and file perms above 644. I do not advise changing this. If your 'umask' is set properly (normally 0022) then it may be an issue with the app.

    If you legitimately cannot get the app to make the folders with 755 like it should, the options for SuPHP are in /opt/suphp/etc/suphp.conf

    The options that would concern you are:
    allow_directory_group_writeable=false
    allow_directory_others_writeable=false

    You could also try fcgi with suexec instead of SuPHP... it may not fix your problem but it's a bit faster/more efficient than SuPHP.
     
    #4 quizknows, May 18, 2016
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,204
    Likes Received:
    1,297
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Is there a particular reason your application needs to create directories with those permissions? Do you notice any specific error messages with directories created with 0755 permissions?

    Thank you.
     
    #5 cPanelMichael, May 30, 2016
(You must log in or sign up to post here.)
Loading...
Similar Threads - Blocking Permissions
  1. kszadkowski

    Global blocking of wpscan enumerate users

    kszadkowski, Jul 19, 2017, in forum: Security
    Replies:
    3
    Views:
    111
    cPanelMichael
    Jul 20, 2017
  2. Abin C Jose

    Blocking an email with SpamAssassin

    Abin C Jose, Jul 6, 2017, in forum: E-mail Discussions
    Replies:
    1
    Views:
    143
    cPanelMichael
    Jul 6, 2017
  3. cyphixia

    Disable automatic scanning and blocking of file manager

    cyphixia, Jun 18, 2017, in forum: Security
    Replies:
    1
    Views:
    153
    cPanelMichael
    Jun 19, 2017
  4. Yossi

    Blocking Emails except to own domain/gmail

    Yossi, Jun 7, 2017, in forum: E-mail Discussions
    Replies:
    1
    Views:
    150
    cPanelMichael
    Jun 7, 2017
  5. warrenceoo

    cPHulk blocking issue

    warrenceoo, May 31, 2017, in forum: E-mail Discussions
    Replies:
    1
    Views:
    164
    cPanelMichael
    May 31, 2017

Share This Page