Deny Permission to delete/edit files like .htaccess?

[BG06]

Is it possible to deny access for files like .htaccess or even certain .php files for cPanel users?

I don't want some accounts to have the permission to change .htaccess or remove some files in their public_html folder.

 

[ninja_byte]

What kinds of files within their public_html folder?
If you have specific rules that you don't want them to change within their .htaccess, define them within the apache configuration file(s), or place a .htaccess directly in /home (note, the latter option might cause load increase).

If you want to disable user-land .htaccess files, you can do this in the apache configuration files as well.

I guess a better question is: What are you trying to accomplish? What's the situation that caused this question to come up..?

 

[BG06]

I added this into the .htaccess of some users and now I don't want them to remove or alter the file. As I cannot move the ad.php to another directory above the users because open_basedir is enabled I'd like to protect this one too.

Putting the .htacess into /home would cause every user to apply this file, right? But as I don't want every user to have this forced ads this is not a solution for me.

 

[mambovince]

What about using chown so as these files are owned by root, hence user cannot modify?

- Vince

 

[BG06]

Is it possible to have the owner of these files changed automatically on account creation?

 

[ujr]

you could try putting them in the in the accounts skeleton directory and chowning them to root:root

 

[yapluka]

chattr +i /path/to/.htaccess will make the file non modifiable

 

[BG06]

chattr: Inappropriate ioctl for device while reading flags on /root/cpanel3-skel/public_html/.htaccess

Thats not gonna work.

you could try putting them in the in the accounts skeleton directory and chowning them to root:root

I tried that but the user still can edit everything.

 

[yapluka]

You would need to chattr +i once the .htaccess is in place in your customer account.

 

[BG06]

It doesn't matter where the file is I always get the same output.

 

[BG06]

I still couldn't find a solution for the permissions

 

[Spiral]

Instead of putting commands in .htaccess that you don't want the user to change,
put them in the VirtualHost section of /etc/httpd/conf/httpd.conf for the site(s)
you want those commands added.

If you are trying to do this for all sites, you could use a <Location /> section
before the VirtualHosts sections and put your command in that and whatever
you do would be globally applied to all sites.

Side perk on either method placing commands in Apache's config file is that you
don't have to worry about OpenBaseDir anymore because commands put into
the Apache configuration itself are not subject to any of that.


.