Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Please provide more info about EasyApache FileProtect feature

Discussion in 'EasyApache' started by Kent Brockman, Jan 31, 2017.

Tags:
  1. Kent Brockman

    Kent Brockman Well-Known Member

    Joined:
    Jan 20, 2008
    Messages:
    1,187
    Likes Received:
    8
    Trophy Points:
    168
    Location:
    Buenos Aires, Argentina
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello guys. Today I upgraded some servers to cPanel 11.62 to discover this new feature.

    Note that I'm using EA4 in all of these servers and the "Enable File Protect" option is ON by default on Tweak Settings. After reading a couple links I arrived here (Apache Module: FileProtect - EasyApache - cPanel Documentation) where it's stated that this feature is to protect public_html folders but all the references in that page point towards EasyApache 3 (even when you run /scripts/enablefileprotect --help)

    So, is this a feature exclusively working with EA3? How does it work under EA4? What permissions are exactly being modified?

    Please ellaborate.
    Thanks! :)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. vacancy

    vacancy Well-Known Member

    Joined:
    Sep 20, 2012
    Messages:
    209
    Likes Received:
    26
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    Easyapache 3 is a function that is enabled by default.

    As mentioned, an important function that public_html folders to be not read by other accounts. FileProtect provides better directory security.

    With 11.58 and Easyapache 4, this function is turned disabled by default. I had to run the /scripts/enablefileprotect command to activate it.

    With 11.62 this function was turned on by default.

    It also added a symlink protect function for mod_php and mod_suphp with 11.62, a very nice improvement. (Apache configuration > Global Configuration > Symlink Protect set on )
     
    #2 vacancy, Jan 31, 2017
    Last edited: Jan 31, 2017
  3. Kent Brockman

    Kent Brockman Well-Known Member

    Joined:
    Jan 20, 2008
    Messages:
    1,187
    Likes Received:
    8
    Trophy Points:
    168
    Location:
    Buenos Aires, Argentina
    cPanel Access Level:
    Root Administrator
    Twitter:
    Interesting. But what permissions are exactly being modified?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. vacancy

    vacancy Well-Known Member

    Joined:
    Sep 20, 2012
    Messages:
    209
    Likes Received:
    26
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    There will be no change that affects the running of accounts.

    disable fileprotect - public_html owner username username
    enable fileprotect - public_html owner username nobody
     
    Kent Brockman likes this.
  5. Kent Brockman

    Kent Brockman Well-Known Member

    Joined:
    Jan 20, 2008
    Messages:
    1,187
    Likes Received:
    8
    Trophy Points:
    168
    Location:
    Buenos Aires, Argentina
    cPanel Access Level:
    Root Administrator
    Twitter:
    Thanks. That's what I exactly wanted to know.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,803
    Likes Received:
    1,898
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    File Protect will check the permissions and ownership values on each user account's public_html directory and each addon domain's DocumentRoot directory and then set the values accordingly. It also takes into account the use of Mod_Ruid2, which changes how the ownership value is configured.

    You can directly view the file that enables the File Protect option if you'd like see how it works in the background:

    Code:
     cat /usr/local/cpanel/scripts/enablefileprotect
    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    Kent Brockman likes this.
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice