permissions and ownership of public_html...

sopya

Member
Apr 27, 2012
15
0
51
cPanel Access Level
Root Administrator
Hello,

When we set 755 permission and ownership user:user to public_html site is working. Also when we set 750 and user:nobody to public_html site is working.

Yes, we do have suPHP installed.

My question is why above 2 scenario works?

suPHP configuration is as following.

Code:
====================================
; This file is parse anew by suPHP for each request
; rather than being loaded once.

[global]
;Path to logfile
logfile=/usr/local/apache/logs/suphp_log


;Loglevel
loglevel=info


;User Apache is running as
; MANDATORY
webserver_user=nobody


; Path all scripts have to be in
; This works as a prefix when a trailing slash is not specified.
; e.g. /home will match /home /home2 /home3 etc While /home/ will only match /home/
;
; Changing this to a more specific path will improve security
docroot=/


;Path to chroot() to before executing script
;chroot=/home


; Security options
allow_file_group_writeable=false
allow_file_others_writeable=false
allow_directory_group_writeable=false
allow_directory_others_writeable=false


; Check whether script is within DOCUMENT_ROOT
; Does NOT perform this check on included scripts.
; i.e. include_once("/test3.php"); works even though it's in the root directory
;
; Changing this to true will improve security but make all php userdir requests fail
check_vhost_docroot=false


; Allow the user and group specified by a ~userdir request to override the
; suPHP_UserGroup directive inside the source virtualhost
;
; Changing this to false will improve security but make some types of php userdir
; requests fail
userdir_overrides_usergroup=true


; suPHP Paranoid mode checks that the target script UID and GID match
; the UID and GID of the user running the script.  To disable these
; checks change the following values to false.  Without these checks, mod_suphp
; is effectively running in "Force" mode.
paranoid_uid_check=true
paranoid_gid_check=true


;Send minor error messages to browser
errors_to_browser=false


;PATH environment variable
env_path="/bin:/usr/bin"


;Umask to set, specify in octal notation
umask=0022


; Minimum UID
;min_uid=100


; Minimum GID
;min_gid=100

; Normally suPHP only displays the PHP binary in process lists (ps aux).
; Setting this option to 'true' will cause suPHP to display both the
; PHP binary and the script filename.
full_php_process_display=true


[handlers]
;Handler for php-scripts
application/x-httpd-php="php:/usr/bin/php"
application/x-httpd-php4="php:/usr/php4/bin/php"
application/x-httpd-php5="php:/usr/bin/php"

;Handler for CGI-scripts
;x-suphp-cgi="execute:!self"

[phprc_paths]
;Uncommenting these will force all requests to that handler to use the php.ini
;in the specified directory regardless of suPHP_ConfigPath settings.
;application/x-httpd-php=/usr/local/lib/
;application/x-httpd-php4=/usr/local/php4/lib/
;application/x-httpd-php5=/usr/local/lib/


; EasyApache 3 checks the following value to determine wether or not
; your suphp.conf is up to date.  Removing it will cause this file
; to be replaced the next time EasyApache is run
;
; cPanel suphp.conf version -- 47
================================================
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,203
363
Hello :)

The following permissions/ownership values are configured for the public_html directory during account creation when suPHP is enabled:

Permissions: 0750
Ownership: Username:Nobody

This changes to the following when you have mod_ruid2 enabled:

Permissions: 0750
Ownership: Username:Username

While alternate permissions/ownership may not produce error messages, it's not recommended that you modify them because cPanel configures the recommended values by default.

Thank you.