The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Chmode 444, but cpanel user still able to edit and delete file

Discussion in 'Security' started by Raj_2006, Feb 8, 2016.

  1. Raj_2006

    Raj_2006 Registered

    Joined:
    Feb 8, 2016
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Hi

    I have a CentOS VPS with latest WHM version, From last couple of months some hackers are creating malicious files in my cpanel public_html director, I recently notice that if i made any file permission to 444 and trying to edit or delete it as cpanel user, I still able to edit and delete these files, means chmod permission is not working in cpanel file manager.

    To check i did the same chmod 444 for my index.php file and tried to delete and edit via ssh that time chmod permission works file it is not allowing me to edit this file but then i logged into Cpanel file manager and tried to delete index.php that this time file was deleted.

    so chmode permissions are not working in cpanel filemanage, please help me to resolve this issue.
     
  2. vanessa

    vanessa Well-Known Member
    PartnerNOC

    Joined:
    Sep 26, 2006
    Messages:
    817
    Likes Received:
    22
    Trophy Points:
    18
    Location:
    Virginia Beach, VA
    cPanel Access Level:
    DataCenter Provider
    You realize the owner of the file can change its permissions, right? This has nothing to do with cPanel. Learn about Unix permissions and ownership rules. Sounds to me like you should be more worried about your site repeatedly getting hacked.
     
    quizknows likes this.
  3. Raj_2006

    Raj_2006 Registered

    Joined:
    Feb 8, 2016
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    India
    cPanel Access Level:
    Root Administrator
    My issue is, if i am using cpanel file manager as a cpanel user why am i able to delete or edit file though their permission is 444. On my other VPS if i do same settings and using cpanel file manager as a cpanel user i am not able to delete and edit files which have 444 Chmode. I want same thing for my other VPS, so files cannot delete or overwrite accidentally
     
  4. vanessa

    vanessa Well-Known Member
    PartnerNOC

    Joined:
    Sep 26, 2006
    Messages:
    817
    Likes Received:
    22
    Trophy Points:
    18
    Location:
    Virginia Beach, VA
    cPanel Access Level:
    DataCenter Provider
    Because the user still owns the file, and relying on this is as a form of security is entirely stupid. You're going down a rabbit hole here when what you should be doing is addressing how unauthorized parties are meddling around with your files. Your priorities are completely off, and until you realize this, you're probably not going to get much help.
     
    quizknows likes this.
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,723
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator

Share This Page