Execute php permissions group owner fails.

wyattbiker

Member
Nov 26, 2010
18
0
51
I have a peculiar situation. I created a new group and a new user in that group from the command line. (I have root access). I need to do this for a user to connect via SSH a cpanel created database but block them from logging into cpanel itself nor any of the folders. The connection works fine and they can see the database.

In addition I added the user and the cpaneladmin under the new group.

I then also created a folder under public_html and gave permissions to the new group.

I created in the folder a simple phpinfo.php file but I cant get it to execute. Even though i set execute permissions for ugo. However I can access a dummy file via http://.... a test.html file.

Any ideas? Why cant my php code execute? Do I have to add something to the apache?

Here is the stat privfolder

File: `privfolder'
Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: 803h/2051d Inode: 6457078 Links: 2
Access: (0775/drwxrwxr-x) Uid: ( 503/ cpaneladmin) Gid: (32010/grpprivfolder)
Access: 2011-03-25 16:06:25.000000000 -0400
Modify: 2011-03-25 15:57:24.000000000 -0400
Change: 2011-03-25 16:05:54.000000000 -0400
 

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
7,607
40
248
somewhere over the rainbow
cPanel Access Level
Root Administrator
Are you running suPHP? If so, that folder has permissions set too high. They cannot be higher than 755 for any folder under suPHP nor higher than 644 for any file.

You can determine the PHP handler in WHM > Apache Configuration > PHP and SuExec Configuration area.
 

wyattbiker

Member
Nov 26, 2010
18
0
51
Are you running suPHP? If so, that folder has permissions set too high. They cannot be higher than 755 for any folder under suPHP nor higher than 644 for any file.

You can determine the PHP handler in WHM > Apache Configuration > PHP and SuExec Configuration area.
I am running suPHP. I changed the folder to 755 and the phpi.php to 644. The group is grpfolder and the owner is cpaneladmin. Still doesnt work. However if I change the group to cpaneladmin it works fine.

I would like to set the group to grpfolder so that I can have my user create php code and save it in this folder.

Current Configuration

Option Configured Value
Default PHP Version (.php files) 5
PHP 5 Handler suphp
PHP 4 Handler none
Apache suEXEC on
 

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
7,607
40
248
somewhere over the rainbow
cPanel Access Level
Root Administrator
What is the exact error in the error logs for Apache or suPHP at /usr/local/apache/logs/error_log or suphp_log

I don't think suPHP is going to allow the group to not be the same as the owner in this instance and that's the issue. I am wondering if you disable FileProtect by running /scripts/disablefileprotect if that would get it to work. It's pretty insecure to be disabling FileProtect, though, and I'm not sure if that's possible to do on a per-user basis instead.

If you do decide to disable FileProtect, you'll need to redistill Apache, rebuild Apache and restart it:

Code:
cp /usr/usr/local/apache/conf/httpd.conf /usr/local/apache/conf/httpd.conf.bak110325
/usr/local/cpanel/bin/apache_conf_distiller --update
/scripts/rebuildhttpdconf
/etc/init.d/httpd restart
 

wyattbiker

Member
Nov 26, 2010
18
0
51
SoftException in Application.cpp:256: File ".........../phpi.php" is writeable by group

SoftException in Application.cpp:431: Mismatch between target GID (501) and GID (32010) of file "............./phpi.php"

Should I create a user who has the same name as the group? Will that help?
 

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
7,607
40
248
somewhere over the rainbow
cPanel Access Level
Root Administrator
First of all, it says the file permissions are still too high on that file, so ensure the file permissions aren't higher than 644 again.

Can you grep the GID number in /etc/group for 501 and 32010 to ensure which users it is reporting for the group?