The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

cPanel skeleton -> wrong permission on public_html dir upon account creation

Discussion in 'Security' started by jannohordijk, Feb 3, 2014.

  1. jannohordijk

    jannohordijk Member

    Joined:
    Jan 31, 2014
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Since a few weeks I've got the following problem. After creating a new account, the home/{account}/public_html directory has not enough rights and the webserver gives a 'Forbidden You don't have permission to access / on this server'.

    drwxr-x--- 3 imedianu imedianu 4096 Jan 29 13:33 public_html

    After chmod 644 the site shows normally.

    My config: WHM 11.42.0 build 1 on CentOS 5.10 x86_64 xenpv. PhP 5 handler suphp en Apache suEXEC.

    Because the skeleton files are copied from /root/cpanel3-skel I also checked their permissions:
    drwxr-xr-x 2 root root 4096 Jan 28 17:00 public_html

    umask is set on 0022 what should be ok. As far as I know that results in 755 for dirs and 644 for files.

    What should i check to solve this?

    Best regards,

    Janno Hordijk
    MagicServices
     
  2. quietFinn

    quietFinn Well-Known Member

    Joined:
    Feb 4, 2006
    Messages:
    998
    Likes Received:
    10
    Trophy Points:
    18
    Location:
    Finland
    cPanel Access Level:
    Root Administrator
    AFAIK the correct permissions of the public_html directory is 750,
    and the correct user:group is CPANELUSERNAME nobody.
     
  3. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    940
    Likes Received:
    55
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    That is correct. Public_html should be 750.

    If you're getting the directory index forbidden you might just have Options -indexes in your htaccess or have indexes unselected in the apache options in WHM. Try putting a file in there owned by the user named index.html and see if it loads.
     
  4. quietFinn

    quietFinn Well-Known Member

    Joined:
    Feb 4, 2006
    Messages:
    998
    Likes Received:
    10
    Trophy Points:
    18
    Location:
    Finland
    cPanel Access Level:
    Root Administrator
    In public_html 750 does not work if both user & group are CPANELUSERNANE, group must be the user Apache is using, i.e. nobody.
     
  5. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    940
    Likes Received:
    55
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    I said you were correct about owner/group, I was not contridicting your statements. Yes, it should be user:nobody, 750 as you stated.

    With that information, the original poster should just need to change group ownership to 'nobody' (the Apache user).
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    654
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    The previous posts are accurate. Please let us know if using the correct permission/ownership values on the public_html directory makes a difference. Note that you can troubleshoot the error message directly by reviewing /usr/local/apache/logs/error_log when you notice the error in your browser.

    Thank you.
     
  7. jannohordijk

    jannohordijk Member

    Joined:
    Jan 31, 2014
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I use suphp and suEXE and I thought they don't allow groupname nobody?

    But how do I tell CPanel to create the public_html dir with CPANELUSERNAME:nobody permissions?

    Best regards, Janno
     
  8. quietFinn

    quietFinn Well-Known Member

    Joined:
    Feb 4, 2006
    Messages:
    998
    Likes Received:
    10
    Trophy Points:
    18
    Location:
    Finland
    cPanel Access Level:
    Root Administrator
    You don't have to, cPanel uses those setting by default.
     
  9. jannohordijk

    jannohordijk Member

    Joined:
    Jan 31, 2014
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Re: CPanel skeleton -> wrong permission on public_html dir upon account creation

    No, unfortunately not: as I wrote earlier these are the settings directly after creating a new account:

    drwxr-x--- 3 imedianu imedianu 4096 Jan 29 13:33 public_html

    - - - Updated - - -

    Here is the error in the error_log

    [Tue Feb 04 20:41:49 2014] [crit] [client 77.250.118.201] (13)Permission denied: /home/imedianu/public_html/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
     
  10. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    654
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  11. jannohordijk

    jannohordijk Member

    Joined:
    Jan 31, 2014
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    No I haven't. Is that neccessary? I have suEXE and suPHP installed.
     
  12. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    654
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    It's not necessary but it would explain why the default group ownership for the public_html directory was configured as the account username. Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
  13. jannohordijk

    jannohordijk Member

    Joined:
    Jan 31, 2014
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I just did!

    Best regards, Janno
     
  14. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    654
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Feel free to post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
Loading...

Share This Page