cPanel skeleton -> wrong permission on public_html dir upon account creation

[jannohordijk]

Since a few weeks I've got the following problem. After creating a new account, the home/{account}/public_html directory has not enough rights and the webserver gives a 'Forbidden You don't have permission to access / on this server'.

drwxr-x--- 3 imedianu imedianu 4096 Jan 29 13:33 public_html

After chmod 644 the site shows normally.

My config: WHM 11.42.0 build 1 on CentOS 5.10 x86_64 xenpv. PhP 5 handler suphp en Apache suEXEC.

Because the skeleton files are copied from /root/cpanel3-skel I also checked their permissions:
drwxr-xr-x 2 root root 4096 Jan 28 17:00 public_html

umask is set on 0022 what should be ok. As far as I know that results in 755 for dirs and 644 for files.

What should i check to solve this?

Best regards,

Janno Hordijk
MagicServices

 

[quietFinn]

AFAIK the correct permissions of the public_html directory is 750,
and the correct user:group is CPANELUSERNAME nobody.

 

[quizknows]

AFAIK the correct permissions of the public_html directory is 750,
and the correct user:group is CPANELUSERNAME nobody.

That is correct. Public_html should be 750.

If you're getting the directory index forbidden you might just have Options -indexes in your htaccess or have indexes unselected in the apache options in WHM. Try putting a file in there owned by the user named index.html and see if it loads.

 

[quietFinn]

That is correct. Public_html should be 750.

If you're getting the directory index forbidden you might just have Options -indexes in your htaccess or have indexes unselected in the apache options in WHM. Try putting a file in there owned by the user named index.html and see if it loads.

In public_html 750 does not work if both user & group are CPANELUSERNANE, group must be the user Apache is using, i.e. nobody.

 

[quizknows]

I said you were correct about owner/group, I was not contridicting your statements. Yes, it should be user:nobody, 750 as you stated.

With that information, the original poster should just need to change group ownership to 'nobody' (the Apache user).

 

[cPanelMichael]

After chmod 644 the site shows normally.

Hello

The previous posts are accurate. Please let us know if using the correct permission/ownership values on the public_html directory makes a difference. Note that you can troubleshoot the error message directly by reviewing /usr/local/apache/logs/error_log when you notice the error in your browser.

Thank you.

 

[jannohordijk]

AFAIK the correct permissions of the public_html directory is 750,
and the correct user:group is CPANELUSERNAME nobody.

I use suphp and suEXE and I thought they don't allow groupname nobody?

But how do I tell CPanel to create the public_html dir with CPANELUSERNAME:nobody permissions?

Best regards, Janno

 

[quietFinn]

But how do I tell CPanel to create the public_html dir with CPANELUSERNAME:nobody permissions?

You don't have to, cPanel uses those setting by default.

 

[jannohordijk]

Re: CPanel skeleton -> wrong permission on public_html dir upon account creation

You don't have to, cPanel uses those setting by default.

No, unfortunately not: as I wrote earlier these are the settings directly after creating a new account:

drwxr-x--- 3 imedianu imedianu 4096 Jan 29 13:33 public_html

- - - Updated - - -

Hello

Note that you can troubleshoot the error message directly by reviewing /usr/local/apache/logs/error_log when you notice the error in your browser.

Here is the error in the error_log

[Tue Feb 04 20:41:49 2014] [crit] [client 77.250.118.201] (13)Permission denied: /home/imedianu/public_html/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable

 

[cPanelMichael]

Hello

Could you verify if you have installed Mod_Ruid2 on this system?

Thank you.

 

[jannohordijk]

Hello

Could you verify if you have installed Mod_Ruid2 on this system?

Thank you.

No I haven't. Is that neccessary? I have suEXE and suPHP installed.

 

[cPanelMichael]

It's not necessary but it would explain why the default group ownership for the public_html directory was configured as the account username. Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome.

Thank you.

 

[jannohordijk]

It's not necessary but it would explain why the default group ownership for the public_html directory was configured as the account username. Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome.

Thank you.

I just did!

Best regards, Janno

 

[cPanelMichael]

I just did!

Best regards, Janno

Feel free to post the ticket number here so we can update this thread with the outcome.

Thank you.