help UPCP is breaking public_html's chmod

Snowman30

Well-Known Member
PartnerNOC
Apr 7, 2002
679
0
316
cPanel Access Level
DataCenter Provider
Got a really strange problem on one server that occurs every time we upgrade CPanel

The chmod of public_html gets reset to 750 everytime upcp is run

we run suphp so normally run the permissions at 751

anyone got any idea whats doing this and how we can correct this?
 

cPanelDavidG

Technical Product Specialist
Nov 29, 2006
11,216
11
313
Houston, TX
cPanel Access Level
Root Administrator
Got a really strange problem on one server that occurs every time we upgrade CPanel

The chmod of public_html gets reset to 750 everytime upcp is run

we run suphp so normally run the permissions at 751

anyone got any idea whats doing this and how we can correct this?
Typically SuPHP scripts (and folders in which they run) can be set to 750 without issue. As SuPHP runs as the user, there is no need for global execute permissions.
 

jdlightsey

Perl Developer III
Staff member
Mar 6, 2007
126
2
243
Houston Texas
cPanel Access Level
Root Administrator
With mod_suphp, user:nobody with 750 permissions should work fine. The only exception to this is on FreeBSD where uploaded files inherit the GID of the directory they're placed into. If you're running FreeBSD edit /opt/suphp/etc/suphp.conf and change paranoid_gid_check to false.

The permissions issue will be corrected with the next build of cPanel. It should only change the ownership to user:nobody and set permissions at 750 if you've enabled fileprotect. You can check by looking for /var/cpanel/fileprotect. If you have that file, fileprotect is enabled.
 

Snowman30

Well-Known Member
PartnerNOC
Apr 7, 2002
679
0
316
cPanel Access Level
DataCenter Provider
we run 60 odd cpanel servers with the same configuration, they all used to have phpsuexec which required 751 and since moving up to apache 2.2 and suPHP the only way php will run is with 751

these are not free bsd servers but centos 5 installs

file ownership of public_htmls and contents is always user:user not user:nobody
 

WebHostDog

Well-Known Member
Sep 3, 2006
144
1
166
cPanel Access Level
Website Owner
Do not see why 750 will not be fine with public_html when you run it as CGI. You might have a different type of problem.


Thanks,
 

Snowman30

Well-Known Member
PartnerNOC
Apr 7, 2002
679
0
316
cPanel Access Level
DataCenter Provider
Do not see why 750 will not be fine with public_html when you run it as CGI. You might have a different type of problem.


Thanks,
on 60 or so servers? on every site... if thats the case then its a big problem

CPanel techs have discussed thsi with us in the past and 751 or 711 appears to be the norm,
 

jdlightsey

Perl Developer III
Staff member
Mar 6, 2007
126
2
243
Houston Texas
cPanel Access Level
Root Administrator
If you wouldn't mind putting in a ticket marked "ATTN: JD", I'd love to see exactly what's going wrong here. You're correct that PHPSuexec had this problem, but mod_suphp shouldn't. If that was the case then every cPanel server with Fileprotect enabled would have the same issue.