Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Folder permissions automatically reverted

Discussion in 'General Discussion' started by PatrickVeenstra, Dec 6, 2018.

  1. PatrickVeenstra

    PatrickVeenstra Well-Known Member

    Joined:
    Feb 12, 2012
    Messages:
    155
    Likes Received:
    3
    Trophy Points:
    68
    Location:
    Barcelona
    cPanel Access Level:
    Root Administrator
    I have an addon domain in its own folder $HOME/domain, the main domain is obviously in $HOME/public_html

    Once in a while (in this case November 1, November 23 and December 6 -the exact date may be wrong, it's the date I noticed) the permissions of that folder are changed to 755 back from 777.

    What process, cronjob, etc. modifies folder permissions?

    p.s. the owner is the user, not nobody:nogroup or nobody:nobody. Would changing that be a fix? (it would allow to use the 755 permission). ref: What permissions / ownership to set on PHP Sessions Folder when running FastCGI / PHP-FPM (as user "nobody")?
     
    #1 PatrickVeenstra, Dec 6, 2018
    Last edited: Dec 6, 2018
  2. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,254
    Likes Received:
    479
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @PatrickVeenstra

    There shouldn't be any cron that changes file permissions. The only thing I can think of is fileprotect:

    Code:
     ls -lah /scripts/ |grep fileprotect
    -rwxr-xr-x  1 root root  3.1K Jun 26 14:14 disablefileprotect
    -rwxr-xr-x  1 root root  3.1K Jul 18 09:18 enablefileprotect
    If you run the script to disable fileprotect does the issue persist?


    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. PatrickVeenstra

    PatrickVeenstra Well-Known Member

    Joined:
    Feb 12, 2012
    Messages:
    155
    Likes Received:
    3
    Trophy Points:
    68
    Location:
    Barcelona
    cPanel Access Level:
    Root Administrator
    I've just ran the script. I'll let you know in a couple of weeks I guess. Thanks.
     
  4. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,254
    Likes Received:
    479
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @PatrickVeenstra

    I would assume it's happening during an update, you could try running the update process to see if anything changes.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. PatrickVeenstra

    PatrickVeenstra Well-Known Member

    Joined:
    Feb 12, 2012
    Messages:
    155
    Likes Received:
    3
    Trophy Points:
    68
    Location:
    Barcelona
    cPanel Access Level:
    Root Administrator
    Just checked and permissions were reverted again.

    "fixed" it, recompiled Apache (EasyApache) and it was reverted again :(
     
  6. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    1,088
    Likes Received:
    442
    Trophy Points:
    113
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    Check to see if you have enabled WHM » Server Configuration » Tweak Settings > Security > Enable File Protect
    This option enables the EasyApache FileProtect module, which improves the security of each user’s public_html director


    Tweak Settings - Security - Version 74 Documentation - cPanel Documentation
    The EasyApache 4 FileProtect Option - EasyApache 4 - cPanel Documentation
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    cPanelLauren likes this.
  7. PatrickVeenstra

    PatrickVeenstra Well-Known Member

    Joined:
    Feb 12, 2012
    Messages:
    155
    Likes Received:
    3
    Trophy Points:
    68
    Location:
    Barcelona
    cPanel Access Level:
    Root Administrator
    Thanks but Enable File Protect is Off
     
  8. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    1,088
    Likes Received:
    442
    Trophy Points:
    113
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    Is that not what you are seeing ?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. PatrickVeenstra

    PatrickVeenstra Well-Known Member

    Joined:
    Feb 12, 2012
    Messages:
    155
    Likes Received:
    3
    Trophy Points:
    68
    Location:
    Barcelona
    cPanel Access Level:
    Root Administrator
    Correct, when you disable it it sets 755 when you enable it 750
     
  10. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    1,088
    Likes Received:
    442
    Trophy Points:
    113
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    Now I am confused.

    755 is the correct and default permission level for cPanel folders - why would you want them to be 777 which is inherently too permissive and insecure, and opens the folder and its content for any process to use for malware ?

    I don't think the folders should have ever been changed to 777 in the first place !
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  11. PatrickVeenstra

    PatrickVeenstra Well-Known Member

    Joined:
    Feb 12, 2012
    Messages:
    155
    Likes Received:
    3
    Trophy Points:
    68
    Location:
    Barcelona
    cPanel Access Level:
    Root Administrator
    I want Apache to create a directory and write a few files. It's a single user server and performance is a must.
     
  12. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,254
    Likes Received:
    479
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    That didn't really answer the question and I believe I misunderstood the original question. The issue you're having is that Files/Folders aren't staying with 777 perms. What PHP handler are you running? I'm not entirely sure this matters though, where are you trying to create the folder?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  13. PatrickVeenstra

    PatrickVeenstra Well-Known Member

    Joined:
    Feb 12, 2012
    Messages:
    155
    Likes Received:
    3
    Trophy Points:
    68
    Location:
    Barcelona
    cPanel Access Level:
    Root Administrator
    I'm creating them in $HOME/subdomain (e.g. $HOME/subdomain/AA)
    I used to run Apache 2.2 with DSO, but right now I'm running Apache 2.4 with PHP 5.6 and 7.1 in cgi. That specific account is using 5.6.
     
  14. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,254
    Likes Received:
    479
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @PatrickVeenstra

    You might try running DSO again, you can get it in EasyApache - just search DSO in PHP Extensions. One word of warning though you can only have it installed/active on one PHP version at a time.

    The documentation here might help in explaining why what's happening is PHP Handlers - EasyApache 4 - cPanel Documentation
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  15. PatrickVeenstra

    PatrickVeenstra Well-Known Member

    Joined:
    Feb 12, 2012
    Messages:
    155
    Likes Received:
    3
    Trophy Points:
    68
    Location:
    Barcelona
    cPanel Access Level:
    Root Administrator
    So there's no way to keep permissions? The only way would be to check permissions and setup a cron job to modify them if needed?

    Isn't there some way to execute a script after easy-apache runs? (to run a shell script to re-modify permissions)

    edit: Reading the old EA3 documentation: Script Hooks - EasyApache - cPanel Documentation

    Can I create a shell script named /scripts/posteasyapache to chmod that particular directory?
     
    #15 PatrickVeenstra, Dec 10, 2018
    Last edited: Dec 10, 2018
  16. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,254
    Likes Received:
    479
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  17. PatrickVeenstra

    PatrickVeenstra Well-Known Member

    Joined:
    Feb 12, 2012
    Messages:
    155
    Likes Received:
    3
    Trophy Points:
    68
    Location:
    Barcelona
    cPanel Access Level:
    Root Administrator
    So there's no Apache build hook anymore? Should I hook UPCP? That wouldn't work with a manual rebuild of Apache.
    What can I hook?

    Another "solution" would be to change the directory owner to nobody (as I see now, half of the folders in there are already owned by nobody), but....
     
    #17 PatrickVeenstra, Dec 10, 2018
    Last edited: Dec 10, 2018
  18. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    1,088
    Likes Received:
    442
    Trophy Points:
    113
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    As @cPanelLauren suggested, change the PHP handler for that account to one that will execute your PHP as the account user rather than 'nobody' (eg DSO + mod_mpm_itk or mod_ruid2 OR suPHP + mod_suphp). That way you will be able to write to the folder using the standard permissions mask, without having to make it world writeable, which would make it altogether more secure.

    See PHP Handlers - EasyApache 4 - cPanel Documentation for full details
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    cPanelLauren likes this.
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice