I have a problem related to permissions

rscalover

Well-Known Member
Dec 16, 2010
86
10
58
cPanel Access Level
Root Administrator
Hello,

I found a new hobby running an SSH honeypot and watching what the "naughty peole" are trying todo but i have a problem the addon that analyzes the collected data and displays those fancy graphs has a feature called "replay session log" it means i can watch what the attackers are trying todo but it is using an acl and group "www-data" needs read access to the correct directory.

Since i am not running ubuntu or Debian (or any of it's equivelants) but centos the group "www-data" doesn't exist on centos www-data is nobody on centos but that causes another problem.The honeypot addon is written in PHP and it uses the is_readable() function PHP: is_readable - Manual so i need the user that is running PHP but i have doubts i have mod_suexec enabled i think in that case it is not nobody but the account username but i can't get it to work

not really cPanel related this questiin but it is bugging me my kernel supports acl's already checked .
 
Last edited by a moderator:

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
6,914
910
313
cPanel Access Level
Root Administrator
Hey there! You're correct that Apache and PHP run as the nobody user on CentOS with cPanel. In general, cPanel tools restrict the Apache processes to user accounts, so all PHP scripts run as the account user. If you don't have that protection in place, tools like WordPress and other CMS software that let you upload files get owned by nobody, so the users aren't able to access their own content.

Is this tool running under a cPanel account or is it installed outside of a cPanel user? If it's outside a user, I'm not personally sure of a great way to get that working securely while still giving it access to tools it needs to function.
 

rscalover

Well-Known Member
Dec 16, 2010
86
10
58
cPanel Access Level
Root Administrator
Hello,

The addon is running under a cPanel account yes but the files it needs to access to be able to function as it should are outside in another directory not related to cPanel.The instructions mention you need to run setfacl -Rm g:correct_group_here:rx /path/to/the/files but even when i do that it's not working acl's should be supported out of the box since it is a xfs system.

I'm suspecting imunify360 hardened PHP has something todo withn it just a feeling though can't proof that.