EasyApache 4 secure solution

Discussion in 'EasyApache' started by epaslv, Aug 16, 2016.

  1. epaslv

    I am struggling to find a solution to a problem.

    Using PHP, I have written a script to check some security settings. The PHP file lists all the accounts in the /home directory, then scans through public_html folders, opens up config files and gets the username and password to the MySQL databases for other users, connects to MySQL, etc. I guess you can then read all mail from other people's accounts too.

    I am trying to prevent any read access through PHP outside the accounts home.

    However I have tried to provision all profiles as supplied by EasyApache but can stop the script from doing above?

    I must be missing something big here? Any comments would help.
     
  2. vacancy

    Which handler are you using (dso/suphp)?
     
  3. ThinIce

    I do feel this could be better documented. By default (i.e. without a jail), as you have seen, the basic operating system file permissions are king. I've not played with it for a while (so may be talking out of my arse), but if you are jailing each user with cPanel jailshell and virtualhosts with Apache mod_ruid2, you would then want to run PHP as dso per the documents below:

    Tweak Settings - Security - Documentation - cPanel Documentation.

    Apache Module: ModRuid2 - EasyApache - cPanel Documentation

    Vanessa may or may not be along soon to point out that some jails are superior to others and CloudLinux CageFS might be a thing you want to look at...
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    The previous post offers some helpful information on this topic. Feel free to let us know the current PHP handler you are using if you would like additional advice:

    Code:

        /usr/local/cpanel/bin/rebuild_phpconf --current

    Also, you may find this document helpful:

    Symlink Race Condition Protection - EasyApache - cPanel Documentation

    Thank you.
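
The point made in the thread, that without a jail the operating system file permissions decide what PHP can read, can be checked with a permission audit. This is an added example, not code from the thread or from cPanel; the `<root>/<account>/public_html` layout, the config file names and the `HOME_LISTABLE`/`CONFIG_READABLE` labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread or cPanel): report permission bits that
# let one account read another account's files when no jail is in place.
# Assumptions: accounts live at <root>/<account>, web roots are named
# public_html, and the config file names below are illustrative.

audit_home_perms() {
    audit_root="${1:-/home}"
    for audit_home in "$audit_root"/*/; do
        audit_home="${audit_home%/}"
        [ -d "$audit_home" ] || continue

        # "other" read bit on the home directory: any local user can list it.
        if [ -n "$(find "$audit_home" -maxdepth 0 -perm -o=r 2>/dev/null)" ]; then
            printf 'HOME_LISTABLE %s\n' "$audit_home"
        fi

        [ -d "$audit_home/public_html" ] || continue
        # "other" read bit on a config file: readable by any local user who
        # can reach the path, including PHP running as a different account.
        find "$audit_home/public_html" -type f \
            \( -name 'wp-config.php' -o -name 'configuration.php' -o -name '.env' \) \
            -perm -o=r -exec printf 'CONFIG_READABLE %s\n' {} \; 2>/dev/null
    done
}

# Run against a directory given on the command line, e.g. /home.
if [ "$#" -gt 0 ]; then
    audit_home_perms "$1"
fi
```

An empty report only says the mode bits are tight; group ownership and the user PHP runs as under the active handler still determine what a script can actually open.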
     