Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Files Owned by nobody and Disk Usage!

Discussion in 'General Discussion' started by IdleServ, Sep 29, 2005.

  1. IdleServ

    IdleServ Well-Known Member

    Joined:
    Oct 27, 2003
    Messages:
    50
    Likes Received:
    1
    Trophy Points:
    156
    Is cPanel going to try do something about checking what is physically in a users account space rather than just search for files owned by the user to calculate total disk space?

    I've just discovered an account using over 14GB of disk space with attachments uploaded via their forums.

    This is not the 1st time.

    Users are getting away with being able to exceed disk space limits because files are owned by nobody due to PHP uploads.
     
    #1 IdleServ, Sep 29, 2005
  2. aby

    aby Well-Known Member

    Joined:
    May 31, 2005
    Messages:
    638
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    India
    You can disable the option upload using php in php.ini
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 aby, Sep 29, 2005
  3. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    168
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    A fairly simple solution is to write a script that goes through home directories, chowning the nobody files to each user account, then they're included in the disk quota. Or, switch to using phpsuexec/suexec.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #3 brianoz, Sep 29, 2005
  4. chirpy

    chirpy Well-Known Member Verifed Vendor

    Joined:
    Jun 15, 2002
    Messages:
    13,460
    Likes Received:
    22
    Trophy Points:
    463
    Location:
    Go on, have a guess
    Indeed. One of several reasons I always have phpsuexec enabled on all of my own servers. Ultimately, it's an issue between php and apache and the poor way that php has been developed for the real world and there's little cPanel can do about it.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #4 chirpy, Sep 29, 2005
  5. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    168
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    Of course, one of the reasons it's switched on in my servers is because you administer them :)

    (I hate to give away one of my secrets ;) )
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #5 brianoz, Sep 29, 2005
  6. IdleServ

    IdleServ Well-Known Member

    Joined:
    Oct 27, 2003
    Messages:
    50
    Likes Received:
    1
    Trophy Points:
    156
    Disabling uploads and chowning files isn't an option as that will cause problems with user's scripts.

    Reason for chowning files being bad is because the script will then not have access to delete the uploaded file. It would be a headache to get the user to understand about permissions and chmod'ing, etc... especially if they are just newbies using a 3rd party script.

    Just wish cPanel could modify their script to look at whats physically in a user's homedir.
     
    #6 IdleServ, Sep 30, 2005
  7. chirpy

    chirpy Well-Known Member Verifed Vendor

    Joined:
    Jun 15, 2002
    Messages:
    13,460
    Likes Received:
    22
    Trophy Points:
    463
    Location:
    Go on, have a guess
    Since cPanel are using standard unix file ownerships, they can't for the reasons I mentioned.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #7 chirpy, Sep 30, 2005
  8. carock

    carock Well-Known Member

    Joined:
    Sep 25, 2002
    Messages:
    259
    Likes Received:
    7
    Trophy Points:
    168
    Location:
    St. Charles, MO
    Since PHP created the files as user nobody, wouldn't PHP also be able to chown them to another user?

    If so, does someone have a utility script that can be run to facilitate the changing of ownership of these files?

    I know this is an old thread, but I didn't want to start a new one for the same problem.

    Thanks,
    Chuck
     
    #8 carock, Sep 1, 2006
  9. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,853
    Likes Received:
    142
    Trophy Points:
    343
    cPanel Access Level:
    Root Administrator
    PHP created the files as nobody because that is the user that was running the Apache process that wrote the files. It doesn't have signficant privileges to change the ownership.

    As chirpy stated this is just an issue between PHP and Apache. I'm not sure which side is to blame or really if any side is to really blame. This is just the way it works. Apache runs as nobody, PHP scripts run as nobody, files written by PHP as owned by nobody.

    From a security point of view, if you are going to have PHP scripts that upload and/or create files, then PHP needs to be run as CGI or in some way, run the PHP script as the account owner. Having files owned by nobody and having open directories that are required for PHP scripts to write files as nobody can be a security risk.

    Running PHP as CGI (FastCGI, phpsuexec, suPHP, etc) may result in a slight performance loss, but its either that or having insecurities on the server. Take your choice.
     
    #9 sparek-3, Sep 1, 2006
(You must log in or sign up to post here.)
Loading...
Similar Threads - Files Owned nobody
  1. Mark Coates

    New Thread Hide directories/files from clients

    Mark Coates, Mar 23, 2019 at 12:38 PM, in forum: General Discussion
    Replies:
    0
    Views:
    59
    Mark Coates
    Mar 23, 2019 at 12:38 PM
  2. TechBill

    php scripts cannot see or access binary files

    TechBill, Mar 21, 2019 at 11:31 AM, in forum: General Discussion
    Replies:
    3
    Views:
    128
    cPanelMichael
    Mar 22, 2019 at 4:46 PM
  3. Okwunna Anyaeji

    Cronjob created so many files that can't be easily deleted

    Okwunna Anyaeji, Mar 6, 2019, in forum: Database Discussion
    Replies:
    2
    Views:
    145
    cPanelLauren
    Mar 7, 2019
  4. tidew

    large number of files in /var/cpanel/php/sessions/php56

    tidew, Feb 27, 2019, in forum: General Discussion
    Replies:
    5
    Views:
    221
    cPanelMichael
    Mar 1, 2019
  5. Alessandro Ferrara

    Wrong files permissions on entire server

    Alessandro Ferrara, Feb 25, 2019, in forum: General Discussion
    Replies:
    1
    Views:
    113
    cPanelLauren
    Feb 25, 2019

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice