Apparently, there were recent changes to the way WHM creates its pkgacct backups. If you have any files in account directories which are owned by anyone other than the account user, this affects you.
Since this is a major change for many web hosters, I thought someone should alert everyone (cPanel evidently doesn't see this as a big deal).
We noticed it because we only run a CMS on our servers, which run as the Apache user 'nobody'. Before the code change, all of the files located in a user directory would be backed up, including those owned by 'nobody'. Now, only those owned by the user get backed up. For us, this translates to only about 10% of a user's files (by volume).
I've submitted a bug report, however, cPanel maintains that this was intentional for security reasons. Recommendations by them are to either reconfigure your servers to use suPHP/suEXEC or to custom program your own workaround to their program which used to work properly.
Updated:
Although the backup program is supposed to back up every file which is readable by the user (regardless of the owner), in my case it does not. They say they're considering options to also include files owned by the Apache user, 'nobody'.
My opinion is that other programs handle security, a backup program's sole function should be to back up every file located in the source directory just as it appears there. A backup program should not make security judgements, since as a hosting provider I may change permissions or add files to an account based on my own policies. Because of my configuration I need a backup program to copy and archive every file located in a directory so that I can rescue an account or move it to another server as quickly as possible, and omitting files may cause me to lose one or more customers in case of hardware failure.
If you use WHM because you are a Web Hoster who needs to Manage the server (which is why you have Web Host Manager in the first place) please let the cPanel people know that you need your data backed up safely and completely, and that you have other programs which will be able to keep your server secure! They do listen to their customers, so if you need your data safe let them know you do!
Since this is a major change for many web hosters, I thought someone should alert everyone (cPanel evidently doesn't see this as a big deal).
We noticed it because we only run a CMS on our servers, which run as the Apache user 'nobody'. Before the code change, all of the files located in a user directory would be backed up, including those owned by 'nobody'. Now, only those owned by the user get backed up. For us, this translates to only about 10% of a user's files (by volume).
I've submitted a bug report, however, cPanel maintains that this was intentional for security reasons. Recommendations by them are to either reconfigure your servers to use suPHP/suEXEC or to custom program your own workaround to their program which used to work properly.
Updated:
Although the backup program is supposed to back up every file which is readable by the user (regardless of the owner), in my case it does not. They say they're considering options to also include files owned by the Apache user, 'nobody'.
My opinion is that other programs handle security, a backup program's sole function should be to back up every file located in the source directory just as it appears there. A backup program should not make security judgements, since as a hosting provider I may change permissions or add files to an account based on my own policies. Because of my configuration I need a backup program to copy and archive every file located in a directory so that I can rescue an account or move it to another server as quickly as possible, and omitting files may cause me to lose one or more customers in case of hardware failure.
If you use WHM because you are a Web Hoster who needs to Manage the server (which is why you have Web Host Manager in the first place) please let the cPanel people know that you need your data backed up safely and completely, and that you have other programs which will be able to keep your server secure! They do listen to their customers, so if you need your data safe let them know you do!
Last edited: