Files Owned by nobody and Disk Usage!

IdleServ

Well-Known Member
Oct 27, 2003
60
4
158
Is cPanel going to try do something about checking what is physically in a users account space rather than just search for files owned by the user to calculate total disk space?

I've just discovered an account using over 14GB of disk space with attachments uploaded via their forums.

This is not the 1st time.

Users are getting away with being able to exceed disk space limits because files are owned by nobody due to PHP uploads.
 

aby

Well-Known Member
May 31, 2005
638
0
166
India
IdleServ said:
Is cPanel going to try do something about checking what is physically in a users account space rather than just search for files owned by the user to calculate total disk space?

I've just discovered an account using over 14GB of disk space with attachments uploaded via their forums.

This is not the 1st time.

Users are getting away with being able to exceed disk space limits because files are owned by nobody due to PHP uploads.
You can disable the option upload using php in php.ini
 

chirpy

Well-Known Member
Verifed Vendor
Jun 15, 2002
13,437
33
473
Go on, have a guess
Indeed. One of several reasons I always have phpsuexec enabled on all of my own servers. Ultimately, it's an issue between php and apache and the poor way that php has been developed for the real world and there's little cPanel can do about it.
 

IdleServ

Well-Known Member
Oct 27, 2003
60
4
158
Disabling uploads and chowning files isn't an option as that will cause problems with user's scripts.

Reason for chowning files being bad is because the script will then not have access to delete the uploaded file. It would be a headache to get the user to understand about permissions and chmod'ing, etc... especially if they are just newbies using a 3rd party script.

Just wish cPanel could modify their script to look at whats physically in a user's homedir.
 

carock

Well-Known Member
Sep 25, 2002
268
9
168
St. Charles, MO
Since PHP created the files as user nobody, wouldn't PHP also be able to chown them to another user?

If so, does someone have a utility script that can be run to facilitate the changing of ownership of these files?

I know this is an old thread, but I didn't want to start a new one for the same problem.

Thanks,
Chuck
 

sparek-3

Well-Known Member
Aug 10, 2002
2,067
237
368
cPanel Access Level
Root Administrator
carock said:
Since PHP created the files as user nobody, wouldn't PHP also be able to chown them to another user?

If so, does someone have a utility script that can be run to facilitate the changing of ownership of these files?

I know this is an old thread, but I didn't want to start a new one for the same problem.

Thanks,
Chuck
PHP created the files as nobody because that is the user that was running the Apache process that wrote the files. It doesn't have signficant privileges to change the ownership.

As chirpy stated this is just an issue between PHP and Apache. I'm not sure which side is to blame or really if any side is to really blame. This is just the way it works. Apache runs as nobody, PHP scripts run as nobody, files written by PHP as owned by nobody.

From a security point of view, if you are going to have PHP scripts that upload and/or create files, then PHP needs to be run as CGI or in some way, run the PHP script as the account owner. Having files owned by nobody and having open directories that are required for PHP scripts to write files as nobody can be a security risk.

Running PHP as CGI (FastCGI, phpsuexec, suPHP, etc) may result in a slight performance loss, but its either that or having insecurities on the server. Take your choice.