The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Password Protected Files Problem With New FP Setup?

Discussion in 'General Discussion' started by shannon, Aug 14, 2003.

  1. shannon

    shannon Well-Known Member

    Joined:
    Mar 25, 2002
    Messages:
    48
    Likes Received:
    0
    Trophy Points:
    6
    Got a client with a private file in their _private folder (yes, they're using frontpage)

    Anyway, ever since this mornings update to the latest "stable", they're no longer able to bring up the file, even with their username password.

    Error log shows:

    [Thu Aug 14 10:37:35 2003] [error] [client x] user jimbob not found: /_private/form_results.txt
    [Thu Aug 14 10:37:35 2003] [error] [client x] File does not exist: /home/jimbob/public_html/401.shtml
    [Thu Aug 14 10:37:39 2003] [error] [client x] (13)Permission denied: Could not open password file: /home/jimbob/public_html/_vti_pvt/service.pwd

    the service.pwd is there, and it has 'jimbob' listed, along with a password hash...

    Scratched my head a few times, then looked at the notes from this mornings upgrade, and saw the "enhanced frontpage security" noting that the service.pwd files could now be owned/readable by only the useraccount... but apparently that's not entirely true, as apache is getting an error when trying to read said file???

    Anybody got an idea on this? I did notice that the service.pwd is owned by jimbob/jimbob, and its permissions are set at 600.... do we just re-chmod, or....?

    cPanel.net Support Ticket Number:
     
  2. shannon

    shannon Well-Known Member

    Joined:
    Mar 25, 2002
    Messages:
    48
    Likes Received:
    0
    Trophy Points:
    6
    Okay, it's definately a permisison problem

    Alright, I went ahead and tried the obvious, chmoding service.pwd back to 604 instead of 600, and low and behold... it works fine now with no error.

    Apparently the new enhanced FP security routine has no problem with the file being owned/readable only by the useraccount in question, but if you're trying to access a PW protected file with your browser, apache sees the .htaccess, says "oh, I need to look up the username/password in service.pwd!"

    and then blows up with the lovely error above, since of course, "nobody" is running apache, and "nobody" isn't allowed to view the file.

    So scratch the whole "service.pwd now safer and not world readable!"

    Guess I'll go file a ticket on this one, since it's probably going to be a problem going forward.

    cPanel.net Support Ticket Number:
     
  3. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,426
    Likes Received:
    2
    Trophy Points:
    38
    cPanel Access Level:
    DataCenter Provider
    Re: Okay, it's definately a permisison problem


    You really don't want it world reable or readable by nobody. If anyone on your server has an insecure php script they should be able to get into your user's account within a couple minutes. You best bet is to re-protect the _private directory with a diffrent user/pass via cPanel.
    cPanel.net Support Ticket Number:
     
  4. shannon

    shannon Well-Known Member

    Joined:
    Mar 25, 2002
    Messages:
    48
    Likes Received:
    0
    Trophy Points:
    6
    Re: Re: Okay, it's definately a permisison problem

    Good point... and also a moot point since this morning the service.pwd is back to 600 for it's permissions anyway. :)

    Will try the password protection via cPanel and see what happens.

    cPanel.net Support Ticket Number:
     
  5. cretu

    cretu Well-Known Member

    Joined:
    Jul 21, 2002
    Messages:
    208
    Likes Received:
    0
    Trophy Points:
    16
    Hi,

    I thought this issue was already fixed. It seems it isn't. I have also problems and "permission denied" when using FP to publish the site.

    I guess the best thing will be waiting for Nick to issue something new.

    Regards,

    cretu

    cPanel.net Support Ticket Number:
     
  6. Jontxu40

    Jontxu40 Well-Known Member

    Joined:
    Dec 9, 2002
    Messages:
    47
    Likes Received:
    0
    Trophy Points:
    6
    Permission denied

    Hi :

    I have same problem. Certain user can´t login into a protected page (he protected with FrontPage)

    My log show me :

    Permission denied: Could not open password file: /home/user/public_html/_vti_pvt/service.pwd

    This file is 600.

    What is the rigth value ? 600 , 604, 644

    Why Apache fail to read this file ?

    By the way.

    The files that Cpanel create for protect folders (/home/user/.htpasswd/folder/passwd) are 644. Are readable by all

    Thanks in advance

    cPanel.net Support Ticket Number:
     
Loading...

Share This Page