The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Deny Permission to delete/edit files like .htaccess?

Discussion in 'General Discussion' started by BG06, Oct 26, 2006.

  1. BG06

    BG06 Member

    Joined:
    Oct 20, 2006
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    Is it possible to deny access for files like .htaccess or even certain .php files for cPanel users?

    I don't want some accounts to have the permission to change .htaccess or remove some files in their public_html folder.
     
  2. ninja_byte

    ninja_byte Member

    Joined:
    May 6, 2004
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    What kinds of files within their public_html folder?
    If you have specific rules that you don't want them to change within their .htaccess, define them within the apache configuration file(s), or place a .htaccess directly in /home (note, the latter option might cause load increase).

    If you want to disable user-land .htaccess files, you can do this in the apache configuration files as well.

    I guess a better question is: What are you trying to accomplish? What's the situation that caused this question to come up..?
     
  3. BG06

    BG06 Member

    Joined:
    Oct 20, 2006
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    I added this into the .htaccess of some users and now I don't want them to remove or alter the file. As I cannot move the ad.php to another directory above the users because open_basedir is enabled I'd like to protect this one too.

    Putting the .htacess into /home would cause every user to apply this file, right? But as I don't want every user to have this forced ads this is not a solution for me.
     
  4. mambovince

    mambovince Well-Known Member

    Joined:
    Jan 15, 2005
    Messages:
    192
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    London, UK
    What about using chown so as these files are owned by root, hence user cannot modify?

    - Vince
     
  5. BG06

    BG06 Member

    Joined:
    Oct 20, 2006
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    Is it possible to have the owner of these files changed automatically on account creation?
     
  6. ujr

    ujr Well-Known Member

    Joined:
    Mar 19, 2004
    Messages:
    290
    Likes Received:
    0
    Trophy Points:
    16
    you could try putting them in the in the accounts skeleton directory and chowning them to root:root
     
  7. yapluka

    yapluka Well-Known Member

    Joined:
    Dec 24, 2003
    Messages:
    301
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    France
    cPanel Access Level:
    Root Administrator
    chattr +i /path/to/.htaccess will make the file non modifiable :)
     
  8. BG06

    BG06 Member

    Joined:
    Oct 20, 2006
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1

    Thats not gonna work. :(


    I tried that but the user still can edit everything.
     
    #8 BG06, Oct 28, 2006
    Last edited: Oct 28, 2006
  9. yapluka

    yapluka Well-Known Member

    Joined:
    Dec 24, 2003
    Messages:
    301
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    France
    cPanel Access Level:
    Root Administrator
    You would need to chattr +i once the .htaccess is in place in your customer account.
     
  10. BG06

    BG06 Member

    Joined:
    Oct 20, 2006
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    It doesn't matter where the file is I always get the same output.
     
  11. BG06

    BG06 Member

    Joined:
    Oct 20, 2006
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    I still couldn't find a solution for the permissions :(
     
  12. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    Instead of putting commands in .htaccess that you don't want the user to change,
    put them in the VirtualHost section of /etc/httpd/conf/httpd.conf for the site(s)
    you want those commands added.

    If you are trying to do this for all sites, you could use a <Location /> section
    before the VirtualHosts sections and put your command in that and whatever
    you do would be globally applied to all sites.

    Side perk on either method placing commands in Apache's config file is that you
    don't have to worry about OpenBaseDir anymore because commands put into
    the Apache configuration itself are not subject to any of that.


    .
     
    #12 Spiral, Nov 14, 2006
    Last edited: Nov 14, 2006
Loading...

Share This Page