nobody-owned files don't count towards quota?

[astopy]

I've just noticed that an account which we transferred from a different company's server has several GB of files which were owned by nobody, and which weren't being counted towards the user's quota. I'm guessing the other company didn't use suPHP and these files were uploaded through a PHP script, and after chowning them to the right user the disk usage in WHM is right.

It would be useful if cPanel automatically detected files in public_html which are owned by nobody and added them to the disk usage, or perhaps just chown them (of course leaving the group permissions set so that nobody can still write to the files, just in case).

 

[cPanelTristan]

Files that aren't owned by the user will not be counted toward the disk space, that is correct.

Of note, cPanel wouldn't automatically chown files to a user if the file might need to be owned by nobody for some purpose under a system using DSO. Changing ownership for files can be very dangerous, especially if it were automated in that manner.

If you do feel this is a request that you would like to see implemented; however, we have a feature request forum at this location to post the idea:

Feature Requests for cPanel and WHM

 

[kazar]

Hmmm. I could see where this could be a problem when accounts are hosting Drupal sites, because the classic instructions for securing sites/default/files directory & contents is to chown to nobody. This would mean, if the site is set up to use Drupal's public file system (which is the default) that image uploads by users -- i.e., the heftiest of all, are not counting towards the accounts quotas. Unless I misunderstand the above answer.

 

[cPanelTristan]

You aren't securing files by chowning them to nobody under suPHP. If you are using suPHP, you will be breaking sites to chown them to the nobody user for group ownership. Additionally, cPanel cannot auto chown files on a user's account without possible security issues being caused (if a file were a hardlink to a root file, then that root-owned file would become owned by the user at that point).

Please post a feature request as I mentioned if this is something that is being requested to count nobody owned files on a user's account as part of the disk quota. The only PHP handler that currently will have files owned by nobody is DSO.

 

[zgia]

Hello,
We have also issue with "nobody".
Does cPanel have option to restore owner from nobody to user without "root"?
But from cPanel File Manager or other methods.

Our clients use different CMS that uploading files and creating dirs, than clients could not change anything with this dirs.
Them contacting to us and we do chown manualy.

For example this option have panel DA(Dire**Admin)

I searched forum and All Documentation but did not found.
Thanks.

 

[cPanelTristan]

We do have a script at /usr/local/cpanel/scripts/chownpublichtmls that will chown /home/username/public_html to the right ownership permissions. This will actually perform a chown for all accounts rather than just 1 account.

 

[zgia]

We know about this script, but problem in another manner. For example clients`s script created files and directories, but client can not do with this files/dirs from Cpanel or ftp anything(modify, delete, etc) until contact us. We can add this script "chownpublichtmls " to cron, but it is not a resolution of problem.

 

[cPanelTristan]

If you believe there is an option we need to provide for the end user in File Manager or cPanel, please feel free to open up a feature request for that option:

http://go.cpanel.net/iwant

This is how things are added to the product that do not already exist.

 

[garrettp]

Run SuPHP (or other CGI-based loader), end of story. Running around chmod'ing everything to 777 to allow Drupal/Joomla/WP/etc to work is just a bad idea. Nobody-owned files are problematic any way you hash it and should be avoided.

 

[Infopro]

Run SuPHP (or other CGI-based loader), end of story. Running around chmod'ing everything to 777 to allow Drupal/Joomla/WP/etc to work is just a bad idea. Nobody-owned files are problematic any way you hash it and should be avoided.

Agreed 110%.