Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

cPanel skeleton -> wrong permission on public_html dir upon account creation

Discussion in 'Security' started by jannohordijk, Feb 3, 2014.

  1. jannohordijk

    jannohordijk Member

    Joined:
    Jan 31, 2014
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Since a few weeks I've got the following problem. After creating a new account, the home/{account}/public_html directory has not enough rights and the webserver gives a 'Forbidden You don't have permission to access / on this server'.

    drwxr-x--- 3 imedianu imedianu 4096 Jan 29 13:33 public_html

    After chmod 644 the site shows normally.

    My config: WHM 11.42.0 build 1 on CentOS 5.10 x86_64 xenpv. PhP 5 handler suphp en Apache suEXEC.

    Because the skeleton files are copied from /root/cpanel3-skel I also checked their permissions:
    drwxr-xr-x 2 root root 4096 Jan 28 17:00 public_html

    umask is set on 0022 what should be ok. As far as I know that results in 755 for dirs and 644 for files.

    What should i check to solve this?

    Best regards,

    Janno Hordijk
    MagicServices
     
  2. quietFinn

    quietFinn Well-Known Member

    Joined:
    Feb 4, 2006
    Messages:
    998
    Likes Received:
    11
    Trophy Points:
    168
    Location:
    Finland
    cPanel Access Level:
    Root Administrator
    AFAIK the correct permissions of the public_html directory is 750,
    and the correct user:group is CPANELUSERNAME nobody.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    1,011
    Likes Received:
    88
    Trophy Points:
    78
    cPanel Access Level:
    DataCenter Provider
    That is correct. Public_html should be 750.

    If you're getting the directory index forbidden you might just have Options -indexes in your htaccess or have indexes unselected in the apache options in WHM. Try putting a file in there owned by the user named index.html and see if it loads.
     
  4. quietFinn

    quietFinn Well-Known Member

    Joined:
    Feb 4, 2006
    Messages:
    998
    Likes Received:
    11
    Trophy Points:
    168
    Location:
    Finland
    cPanel Access Level:
    Root Administrator
    In public_html 750 does not work if both user & group are CPANELUSERNANE, group must be the user Apache is using, i.e. nobody.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    1,011
    Likes Received:
    88
    Trophy Points:
    78
    cPanel Access Level:
    DataCenter Provider
    I said you were correct about owner/group, I was not contridicting your statements. Yes, it should be user:nobody, 750 as you stated.

    With that information, the original poster should just need to change group ownership to 'nobody' (the Apache user).
     
  6. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,802
    Likes Received:
    1,895
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello :)

    The previous posts are accurate. Please let us know if using the correct permission/ownership values on the public_html directory makes a difference. Note that you can troubleshoot the error message directly by reviewing /usr/local/apache/logs/error_log when you notice the error in your browser.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. jannohordijk

    jannohordijk Member

    Joined:
    Jan 31, 2014
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I use suphp and suEXE and I thought they don't allow groupname nobody?

    But how do I tell CPanel to create the public_html dir with CPANELUSERNAME:nobody permissions?

    Best regards, Janno
     
  8. quietFinn

    quietFinn Well-Known Member

    Joined:
    Feb 4, 2006
    Messages:
    998
    Likes Received:
    11
    Trophy Points:
    168
    Location:
    Finland
    cPanel Access Level:
    Root Administrator
    You don't have to, cPanel uses those setting by default.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. jannohordijk

    jannohordijk Member

    Joined:
    Jan 31, 2014
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Re: CPanel skeleton -> wrong permission on public_html dir upon account creation

    No, unfortunately not: as I wrote earlier these are the settings directly after creating a new account:

    drwxr-x--- 3 imedianu imedianu 4096 Jan 29 13:33 public_html

    - - - Updated - - -

    Here is the error in the error_log

    [Tue Feb 04 20:41:49 2014] [crit] [client 77.250.118.201] (13)Permission denied: /home/imedianu/public_html/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
     
  10. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,802
    Likes Received:
    1,895
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello :)

    Could you verify if you have installed Mod_Ruid2 on this system?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  11. jannohordijk

    jannohordijk Member

    Joined:
    Jan 31, 2014
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    No I haven't. Is that neccessary? I have suEXE and suPHP installed.
     
  12. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,802
    Likes Received:
    1,895
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    It's not necessary but it would explain why the default group ownership for the public_html directory was configured as the account username. Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  13. jannohordijk

    jannohordijk Member

    Joined:
    Jan 31, 2014
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I just did!

    Best regards, Janno
     
  14. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,802
    Likes Received:
    1,895
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Feel free to post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice