cPanel skeleton -> wrong permission on public_html dir upon account creation

jannohordijk

Member
Jan 31, 2014
5
0
1
cPanel Access Level
Root Administrator
Since a few weeks I've got the following problem. After creating a new account, the home/{account}/public_html directory has not enough rights and the webserver gives a 'Forbidden You don't have permission to access / on this server'.

drwxr-x--- 3 imedianu imedianu 4096 Jan 29 13:33 public_html

After chmod 644 the site shows normally.

My config: WHM 11.42.0 build 1 on CentOS 5.10 x86_64 xenpv. PhP 5 handler suphp en Apache suEXEC.

Because the skeleton files are copied from /root/cpanel3-skel I also checked their permissions:
drwxr-xr-x 2 root root 4096 Jan 28 17:00 public_html

umask is set on 0022 what should be ok. As far as I know that results in 755 for dirs and 644 for files.

What should i check to solve this?

Best regards,

Janno Hordijk
MagicServices
 

quietFinn

Well-Known Member
Feb 4, 2006
1,222
87
178
Finland
cPanel Access Level
Root Administrator
AFAIK the correct permissions of the public_html directory is 750,
and the correct user:group is CPANELUSERNAME nobody.
 

quizknows

Well-Known Member
Oct 20, 2009
1,008
87
78
cPanel Access Level
DataCenter Provider
AFAIK the correct permissions of the public_html directory is 750,
and the correct user:group is CPANELUSERNAME nobody.
That is correct. Public_html should be 750.

If you're getting the directory index forbidden you might just have Options -indexes in your htaccess or have indexes unselected in the apache options in WHM. Try putting a file in there owned by the user named index.html and see if it loads.
 

quietFinn

Well-Known Member
Feb 4, 2006
1,222
87
178
Finland
cPanel Access Level
Root Administrator
That is correct. Public_html should be 750.

If you're getting the directory index forbidden you might just have Options -indexes in your htaccess or have indexes unselected in the apache options in WHM. Try putting a file in there owned by the user named index.html and see if it loads.
In public_html 750 does not work if both user & group are CPANELUSERNANE, group must be the user Apache is using, i.e. nobody.
 

quizknows

Well-Known Member
Oct 20, 2009
1,008
87
78
cPanel Access Level
DataCenter Provider
I said you were correct about owner/group, I was not contridicting your statements. Yes, it should be user:nobody, 750 as you stated.

With that information, the original poster should just need to change group ownership to 'nobody' (the Apache user).
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,202
363
After chmod 644 the site shows normally.
Hello :)

The previous posts are accurate. Please let us know if using the correct permission/ownership values on the public_html directory makes a difference. Note that you can troubleshoot the error message directly by reviewing /usr/local/apache/logs/error_log when you notice the error in your browser.

Thank you.
 

jannohordijk

Member
Jan 31, 2014
5
0
1
cPanel Access Level
Root Administrator
AFAIK the correct permissions of the public_html directory is 750,
and the correct user:group is CPANELUSERNAME nobody.
I use suphp and suEXE and I thought they don't allow groupname nobody?

But how do I tell CPanel to create the public_html dir with CPANELUSERNAME:nobody permissions?

Best regards, Janno
 

jannohordijk

Member
Jan 31, 2014
5
0
1
cPanel Access Level
Root Administrator
Re: CPanel skeleton -> wrong permission on public_html dir upon account creation

You don't have to, cPanel uses those setting by default.
No, unfortunately not: as I wrote earlier these are the settings directly after creating a new account:

drwxr-x--- 3 imedianu imedianu 4096 Jan 29 13:33 public_html

- - - Updated - - -

Hello :)

Note that you can troubleshoot the error message directly by reviewing /usr/local/apache/logs/error_log when you notice the error in your browser.
Here is the error in the error_log

[Tue Feb 04 20:41:49 2014] [crit] [client 77.250.118.201] (13)Permission denied: /home/imedianu/public_html/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,202
363
Hello :)

Could you verify if you have installed Mod_Ruid2 on this system?

Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,202
363
It's not necessary but it would explain why the default group ownership for the public_html directory was configured as the account username. Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome.

Thank you.
 

jannohordijk

Member
Jan 31, 2014
5
0
1
cPanel Access Level
Root Administrator
It's not necessary but it would explain why the default group ownership for the public_html directory was configured as the account username. Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome.

Thank you.
I just did!

Best regards, Janno