The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Ideal permission for public_html

Discussion in 'General Discussion' started by AMiRU, Apr 22, 2012.

  1. AMiRU

    AMiRU Registered

    Joined:
    Apr 22, 2012
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I wonder what's the ideal permission for public_html, 750 or 755?

    Seems like with 755, if a user upload some kind of a malicious code, he/she can access the whole accounts hosted under the same server. To me, 750 sound better but /scripts/chownpublichtml will change permission to 755 and change ownership of public_html to user:user.

    I wonder if there is a way to change this.

    Please advice, thank you.
     
  2. m8internet

    m8internet Member

    Joined:
    Jan 2, 2011
    Messages:
    21
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Cumbernauld, Scotland, UK
    public_html should be 750
    Any sub-folder should then be 777 and these are the ones where public upload is permitted
    All other sub-folders should be 755 and these will not normally allow public upload
     
  3. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Is there a reason you are running /scripts/chownpublichtml on the machine? Just wondered why it was being used or if there's something else you have that is triggering that script.
     
  4. NetMantis

    NetMantis BANNED

    Joined:
    Apr 22, 2012
    Messages:
    117
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    Utah
    cPanel Access Level:
    DataCenter Provider
    For public_html folder itself, that should be account owner owned with a group of 'nobody' and the permissions should be 750 for the folder

    Subfolders however are a little bit trickier and depend heavily on what type of PHP you are running.

    M8internet's post above is partially correct but would be valid if and only if you are running PHP as DSO (mod_php) which is a configuration I personally would never recommend to anyone because of the extensive security problems associated with running PHP in that manner.

    If you are running PHP as any other type such as the now more common SuPHP or FCGI then all your sub-folders beneath the public_html folder would be 755 regardless of whether you wanted to use them as writable or non-writable folders.

    Incidentally 755 under either of these types of PHP configurations is actually itself writable.

    PHP scripts under DSO based PHP would usually be 644 while under SuPHP or FCGI, you could feasibly make the scripts as tight as 400 and still work though 600 would be most recommended.

    CGI (*.cgi, *.pl) and some PHP scripts such as those called from crons would be 755 permission

    Non-Script files such as html files, css files, images, and so forth would be 644 permission

    If you are running either SuPHP or FCGI, you can (and should) safely disregard any instructions from any program you have telling you to set '777' or '666' permissions anyway. Those permissions only pertain to DSO based PHP only. Under SuPHP or FCGI, you would set 755 for any folders you are told to set 777 for a program and you would set 644 for any files you are told to set to '666'.

    A side little trivia footnote (a lot of people surprisingly don't know) is if you do set 777 on any files or folders on either a SuPHP or FCGI system, it will actually break your web program you are trying to run and at the best of cases cause severe performance slowdowns and at the worst actually crash the site completely with an error 500 condition. This is because 777 under SuPHP or FCGI systems is roughly equivalent to 000 or no access. Most program authors when writing documentation for their programs fail to tell you that and just blindly assume that you are running DSO (mod_php) based PHP when writing documentation.

    But anyway, back to your base original question, public_html itself should be 750.

    I hope this post is informative and helpful to you sorting out your permission issues.
     
    #4 NetMantis, Apr 23, 2012
    Last edited: Apr 23, 2012
  5. AMiRU

    AMiRU Registered

    Joined:
    Apr 22, 2012
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I was getting Internal Server Error when I changed public_html folder to 750, I google and read that I should run /scripts/chownpublichtmls

    I seem to have find the solution to my problem, I ran the following script
    Code:
    for i  in `cat /etc/trueuserdomains | awk '{print $2}'`
    do
    chown $i.$i /home/$i -R;
    chown $i.mail /home/$i/etc -R;
    chown $i.nobody /home/$i/public_html;
    chmod 750 /home/$i/public_html;
    done;
    That should be it right?
     
Loading...

Share This Page