The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How to get free "unlimited" disk space for any cpanel account

Discussion in 'General Discussion' started by electric, Dec 5, 2006.

  1. electric

    electric Well-Known Member

    Joined:
    Nov 5, 2001
    Messages:
    697
    Likes Received:
    1
    Trophy Points:
    18
    Note: This does not apply if you are running phpsuexec on your server.

    It appears to be easily possible for any cpanel account user to get free "unlimited" disk space.

    1) Create a cpanel account with a disk space limit of 5mb.

    2) Upload any PHP script that allows file uploads using html form posts.

    3) Use the script to upload files... don't stop until the drive is full. :eek:

    The files uploaded by the php script are owned by the "nobody" user, so the Cpanel quota system does not include them in the disk space usage calculation for the user. You can only see actual disk usage for a folder by clicking the "Disk Usage Viewer" utility in cpanel. If you rely on WHM or the "cpanel stats" quota system, then all the files uploaded by the php script will not be seen, and it's possible for any cpanel user to upload unlimited files with no way to know about it. Their account will never be frozen since they will never go over their cpanel account "limit".

    If anyone knows about a solution to this problem, I'm interested to know what it is. We only became aware of this after seeing the daily backups for some accounts were very large, when the actual disk usage shown by cpanel for the account was very small.

    :(
     
    #1 electric, Dec 5, 2006
    Last edited: Dec 5, 2006
  2. chae

    chae Well-Known Member

    Joined:
    Apr 19, 2003
    Messages:
    145
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Auckland, New Zealand
    I noticed the same thing by chance last week with a customers site, they run an auction software package & the software lets those running an auction upload images as you would expect but the images etc are uploaded as nobody nobody. The owner of the site pays for 500Mb of disk space but in reality they're using about 4Gb. Worse thing is they run about 4 different specialty auction sites...we asked them to contact the software developers to see if this could be resolved and nothing as yet from them.
     
  3. yapluka

    yapluka Well-Known Member

    Joined:
    Dec 24, 2003
    Messages:
    301
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    France
    cPanel Access Level:
    Root Administrator
    A crude fix could be to run a cronjob that will chown -R user.user /home/user/public_html/*

    Something like this :

    Code:
    #!/bin/bash
    cd /var/cpanel/users
    for user in *
    do
    chown -R $user.$user /home/$user/public_html/*
    done
    
    
     
  4. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    That's the only way (yapluka post) you're going to work around the issue if you don't enable phpsuexec as it's a limitation of the security model of PHP and the way *nix quotas work since the files aren't and can't be owned by the user account.
     
  5. sjat

    sjat Member

    Joined:
    May 9, 2004
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    Well....
    I see its not a new thread, but it is the answer of my question:)

    Now we comes to my really newbie question: How do I do that ?
    Just create the script and then drop it to /etc/cron.hourly ?
    (If I want to run the script every hour)

    Regards
    Sjat
     
  6. gvard

    gvard Well-Known Member
    PartnerNOC

    Joined:
    Dec 22, 2003
    Messages:
    195
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Athens/GREECE
    cPanel Access Level:
    DataCenter Provider
    Hello,

    You can run /scripts/chownpublichtmls but I don't think you should make it run every hour, because from the beginning until the end of the script all pages on the server show 403 errors (it lasts about 5 mins, I run it once per month).
     
  7. sjat

    sjat Member

    Joined:
    May 9, 2004
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    Thank you for your reply :)
    Does that mean that I just can drop the /scripts/chownpublichtmls to /etc/cron.monthly ?
    And then it will be executed once pr month ?
     
  8. jayh38

    jayh38 Well-Known Member

    Joined:
    Mar 3, 2006
    Messages:
    1,215
    Likes Received:
    0
    Trophy Points:
    36
    I'm not sure you would want to run that. Last I recall is that will delete files owned by "nobody" unless that has changed, I have not looked at the script to verify.

    I would use the original script from yapluka, and yes, you can dump that into cron.hourly and it will obviously not remove access while it is running. I use it myself on 400 plus account servers every couple hours.
     
  9. sjat

    sjat Member

    Joined:
    May 9, 2004
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    Thank you very much.....
    You are very helpfull - I think I will try the last solution as jayh38 described.
     
  10. yapluka

    yapluka Well-Known Member

    Joined:
    Dec 24, 2003
    Messages:
    301
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    France
    cPanel Access Level:
    Root Administrator
    Just don't forget to give the execute permission to the script. chmod 700 will do the trick just fine :)
     
  11. gvard

    gvard Well-Known Member
    PartnerNOC

    Joined:
    Dec 22, 2003
    Messages:
    195
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Athens/GREECE
    cPanel Access Level:
    DataCenter Provider
    Hello,

    The scripts doesn't delete all files owned by nobody, it just changes the owner of the files. I'm doing it once every month in my server and no files were deleted.
     
  12. jayh38

    jayh38 Well-Known Member

    Joined:
    Mar 3, 2006
    Messages:
    1,215
    Likes Received:
    0
    Trophy Points:
    36
    Perhaps cPanel needs to update their documentation. But nevertheless, the other method is much faster and sites are always available during its run. I would get too many calls if all pages were 403 for several minutes.

    Quote from cpanel document as found here.

    chownpublichtmls - Change ownership of all users web space to them, which is useful for converting to suexec. Files owned by nobody are deleted.
     
  13. mwmconsulting

    mwmconsulting Member

    Joined:
    Apr 15, 2006
    Messages:
    21
    Likes Received:
    0
    Trophy Points:
    1
    Thank You!

    yapluka's fix is a beauty! Spot on for fixing this issue (which I'm surprised cPanel has not addresses personally).

    I might also suggest adding another element to this script. If you are using cPanel 10, after the chown line add

    Code:
    rm -f /home/$user/.cpanel-datastore/quota_-v
    and for cPanel 11 add

    Code:
    rm -f /home/$user/.cpanel/datastore/quota_-v
    This addition will ensure that the disk usage information displayed on the cPanel page will be up-to-date when the user next visits their cPanel (as the deleted quota_-v file will automatically be recreated with the updated information). Ordinarily, I'm told the cpanel information is refreshed every 24 hours so this step is not mandatory just beneficial.

    Lastly, for those of you who implement Menalto's Gallery (http://gallery.menalto.com), you'll also need to chown all the files in the user's gallery albums directory (as they too are owned by "nobody").
     
  14. jrehmer

    jrehmer Well-Known Member

    Joined:
    Apr 10, 2003
    Messages:
    287
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Denver, CO
    What about these types of messages where the disk quota is exceeded and it won't chown?

    chown: changing ownership of `/home/someone/public_html/gallery/g2data/cache/module/customfield/0/1/14.inc': Disk quota exceeded
     
Loading...

Share This Page