epaslv

Member
cPanel Access Level: Root Administrator
I am struggling to find a solution to a problem.

Using PHP I have written a script to check some security settings. The PHP file lists all the accounts in the /home directory, then scans through public_html folders, opens up config files and gets the username and password to the MySQL databases for other users, connects to MySQL, etc. I guess you can then read all mail from other people's accounts too.

I am trying to prevent any read access through PHP outside the accounts home.

However, I have tried to provision all profiles as supplied by EasyApache but can't stop the script from doing the above.

I must be missing something big here? Any comments would help.
 

ThinIce

Well-Known Member
cPanel Access Level: Root Administrator
I do feel this could be better documented. By default (i.e. without a jail), as you have seen, the basic operating system file permissions are king. I've not played with it for a while (so may be talking out of my arse) but if you are jailing each user with cPanel jailshell and virtualhosts with Apache mod_ruid2, you would then want to run PHP as DSO per the documents below:

Tweak Settings - Security - Documentation - cPanel Documentation.

Apache Module: ModRuid2 - EasyApache - cPanel Documentation

Vanessa may or may not be along soon to point out that some jails are superior to others and CloudLinux CageFS might be a thing you want to look at...
 

cPanelMichael

Administrator
Staff member
Hello,

The previous post offers some helpful information on this topic. Feel free to let us know the current PHP handler you are using if you would like additional advice:

Code:
/usr/local/cpanel/bin/rebuild_phpconf --current
Also, you may find this document helpful:

Symlink Race Condition Protection - EasyApache - cPanel Documentation

Thank you.
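The thread turns on the point that, without a jail, ordinary file permissions decide what a PHP script can read in other accounts. The following is an added example, not code from any of the posters or from cPanel: a shell audit that reports home directories and config files whose "other" permission bits are set. The `<root>/<user>/public_html` layout and the `*config*.php` name pattern are assumptions.

```shell
#!/bin/sh
# Added example: audit "other" permission bits under a hosting home root.
# Assumptions (not from the thread): layout is <root>/<user>/public_html
# and config files match the pattern *config*.php.

# audit_home_perms ROOT [NAME_PATTERN]
# Prints one finding per line:
#   HOME_TRAVERSABLE <dir>   others can enter the home directory (o+x)
#   HOME_LISTABLE <dir>      others can list the home directory (o+r)
#   WORLD_READABLE <file>    matching file has the other-read bit set
audit_home_perms() {
    root=${1:-/home}
    pattern=${2:-*config*.php}
    for home in "$root"/*; do
        [ -d "$home" ] || continue
        [ -L "$home" ] && continue      # skip symlinked homes
        find "$home" -maxdepth 0 -perm -001 | sed 's/^/HOME_TRAVERSABLE /'
        find "$home" -maxdepth 0 -perm -004 | sed 's/^/HOME_LISTABLE /'
        [ -d "$home/public_html" ] || continue
        # find does not follow symlinks by default, so a link pointing
        # into another account is never reported as this user's file.
        find "$home/public_html" -type f -name "$pattern" -perm -004 |
            sed 's/^/WORLD_READABLE /'
    done
}

# count_findings ROOT TYPE
# Prints how many findings of the given TYPE the audit produced.
count_findings() {
    audit_home_perms "$1" | grep -c "^$2 " || true
}

# Run the audit only when a root directory is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_home_perms "$@"
fi
```

The audit inspects only the "other" bits, so read access that the web server account obtains through group ownership is not reported by it.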