Please provide more info about EasyApache FileProtect feature

Kent Brockman

Well-Known Member
PartnerNOC
Jan 20, 2008
1,255
60
178
Buenos Aires, Argentina
cPanel Access Level
Root Administrator
Hello guys. Today I upgraded some servers to cPanel 11.62 to discover this new feature.

Note that I'm using EA4 in all of these servers and the "Enable File Protect" option is ON by default on Tweak Settings. After reading a couple links I arrived here (Apache Module: FileProtect - EasyApache - cPanel Documentation) where it's stated that this feature is to protect public_html folders but all the references in that page point towards EasyApache 3 (even when you run /scripts/enablefileprotect --help)

So, is this a feature exclusively working with EA3? How does it work under EA4? What permissions are exactly being modified?

Please ellaborate.
Thanks! :)
 

vacancy

Well-Known Member
Sep 20, 2012
409
127
93
Turkey
cPanel Access Level
Root Administrator
Easyapache 3 is a function that is enabled by default.

As mentioned, an important function that public_html folders to be not read by other accounts. FileProtect provides better directory security.

With 11.58 and Easyapache 4, this function is turned disabled by default. I had to run the /scripts/enablefileprotect command to activate it.

With 11.62 this function was turned on by default.

It also added a symlink protect function for mod_php and mod_suphp with 11.62, a very nice improvement. (Apache configuration > Global Configuration > Symlink Protect set on )
 
Last edited:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,202
363
Hello,

File Protect will check the permissions and ownership values on each user account's public_html directory and each addon domain's DocumentRoot directory and then set the values accordingly. It also takes into account the use of Mod_Ruid2, which changes how the ownership value is configured.

You can directly view the file that enables the File Protect option if you'd like see how it works in the background:

Code:
 cat /usr/local/cpanel/scripts/enablefileprotect
Thank you.
 
  • Like
Reactions: Kent Brockman