SOLVED Permissions and Ownerships issues

WorkinOnIt

Well-Known Member
Aug 3, 2016
195
28
28
UK
cPanel Access Level
Root Administrator
I've recently set up a new vps with cpanel / cloudlinux using suPHP and EA4 (centOS).

When I create an new account, it seems to always create the /public_html folder as user:user (rather than user:nobody)

Directories are correctly given 755 but files are being created with permission 644 - though I'm wondering if they should they be 664?

What could the issue be - or is this the correct setting?

I'm not seeing any specific errors on the frontend website (wordpress) but I don't seem able to display any errors - not even php notices are showing.... though debug constants and error reporting are all set to true/on.
 
Last edited:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,910
2,215
363
Hello,

cPanel will automatically assign the correct group ownership values to the public_html directories (e.g. it checks Mod_Ruid2/MPM-ITK and FileProtect settings). 0644 permissions for files and 0755 permissions for directories are correct, and the recommended permission values for files and directories.

Thank you.
 

WorkinOnIt

Well-Known Member
Aug 3, 2016
195
28
28
UK
cPanel Access Level
Root Administrator
Ok thank you - but why are new accounts being created with ownership of public_html as user:user? I am creating them manually as root login.

Should they not be user:nobody?

In addition, the /public_html is being given 755 also and I thought it should be 750.

What could be causing that?
 

WorkinOnIt

Well-Known Member
Aug 3, 2016
195
28
28
UK
cPanel Access Level
Root Administrator
Just to update this thread - I opened a support ticket and the reply was very helpful;

The behavior you're describing would be default behavior for cPanel 60 with EasyApache 4.

If you wish to have the public_html directories be created with 750 permissions then you'll need to enable FileProtect:

Apache Module: FileProtect - EasyApache - cPanel Documentation

The above documentation is specific to Easy Apache 3, which your server is not running, but it does describe the FileProtect module which is why I shared the link.

For an EasyApache 4 server, this module is already installed, you just need to run the script to enable it, is all. Examples from a test server:

~~~~
[email protected] - 11.60.0.25 [~]# ls -ld /home/cptest/public_html/
drwxr-xr-x 3 cptest cptest 20 Dec 2 04:04 /home/cptest/public_html/

[email protected] - 11.60.0.25 [~]# /scripts/enablefileprotect
Setting /home permissions to 0711......Done
Setting permissions for.....spftest …
cptest …
...Done

[email protected] - 11.60.0.25 [~]# ls -ld /home/cptest/public_html/
drwxr-x--- 3 cptest cptest 20 Dec 2 04:10 /home/cptest/public_html/
~~~~

With suPHP, the PHP scripts are going to run as the user anyway so the "nobody" group ownership is not set.
 
Last edited by a moderator:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,910
2,215
363
Hello,

I'm happy to see the information helped! Thank you for updating this thread with the outcome.