Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Privileges problem after enabling HTTP2

Discussion in 'EasyApache' started by Morphime, Feb 20, 2019.

  1. Morphime

    Morphime Member

    Joined:
    Feb 19, 2019
    Messages:
    9
    Likes Received:
    2
    Trophy Points:
    3
    Location:
    Canada
    cPanel Access Level:
    Root Administrator
    Helo, 2 days ago, i decided to enable http2 in easypache4 which was not an easy task due to modules conflicts. Since then, i needed to change some files privileges (chmod) because some of my plugin on our website add some files to a /file folder which add nobody:nobody chmod 755 before and it was working fine!

    Now i need to set "others" to have write privileges(757) to the /file folder which i dont think is super safe unless someone tell me otherwise.

    I'll list some usefull modules informations with in bold, the affected package...packages absent in the second list from the first one are those who are disabled due to conflict with http2.

    Here is the old setup:
    • mod_cgi
    • mod_mpm_prefork
    • php70-php
    • php70-php-fpm
    • mod_proxy_fcgi
    • mod_suexec
    And here is the new setup
    • mod_cgid
    • mod_mpm_event
    • mod_http2
    • mod_suphp
    • php70-php-fpm
    • mod_proxy_fcgi
    • mod_suexec

    Note that I dont and never used RUID2 and cant use it with http2.
    Im guessing it is all because I disabled php70-php OR because i enabled mod_suphp.

    I know chmod 757 is really not safe so thats why i wanna make the ownership and group privileges work!
    Is there another mod that i could enable that would manage privileges correctly like it was before (with ownership and group)?
    Which modification affected the privileges ?
     
  2. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,889
    Likes Received:
    149
    Trophy Points:
    343
    cPanel Access Level:
    Root Administrator
  3. Morphime

    Morphime Member

    Joined:
    Feb 19, 2019
    Messages:
    9
    Likes Received:
    2
    Trophy Points:
    3
    Location:
    Canada
    cPanel Access Level:
    Root Administrator
    • mod_cgi
    • mod_mpm_prefork
    • php70-php

    Those are not compatible with mod_http2.
    So i disabled them and added all those:
    • mod_cgid
    • mod_mpm_event
    • mod_http2
    • mod_suphp

    Most of my privileges are ok since we had 755 before and most of the website just need to read! we had everything with ouruser : ouruser 755 and the folders thats needed write privieleges had nobody:nobody 755 and working fine!

    Now my problem is with those folders that need write privileges! It only works with 757 since i upgraded... rest are all ok but still i think everything is trying to generate acces with the "others" in the chmod...
     
  4. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    5,707
    Likes Received:
    436
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    The thread here might be helpful:

    SOLVED - Cannot write files after upgrade

    Ultimately it doesn't sound like the root of the issue is mod_http2 but the differences in permissions requirements in the mpm and handler you're using as a result of switching.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. Morphime

    Morphime Member

    Joined:
    Feb 19, 2019
    Messages:
    9
    Likes Received:
    2
    Trophy Points:
    3
    Location:
    Canada
    cPanel Access Level:
    Root Administrator
    I might try disabling mod_suPHP tonight since i already have mod_cgid as the handler and i did not use suPHP in the previous config.
    I'll let you know if it did fix anything!
     
    cPanelLauren likes this.
  6. Morphime

    Morphime Member

    Joined:
    Feb 19, 2019
    Messages:
    9
    Likes Received:
    2
    Trophy Points:
    3
    Location:
    Canada
    cPanel Access Level:
    Root Administrator
    I did disabled mod_suPHP but it changed nothing at all sadly... I dont know what else i can do to fix this security issue!
    When using ftp with the user I set on the /file folder its working perfectly fine! But it seems like it doesnt use the right user when its with apache (while using our filemanager plugin/fileuploader)... is there a way to test which one it uses?

    I already ran the function get_current_user() which return the script owner which also is the good user matching with my /file privileges.
     
    #6 Morphime, Feb 20, 2019
    Last edited: Feb 20, 2019
  7. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    5,707
    Likes Received:
    436
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @Morphime

    Please feel free to open a ticket using the link in my signature so that we can look into this further. Once open please reply with the Ticket ID here so that we can update this thread with the resolution once the ticket is resolved.


    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. Morphime

    Morphime Member

    Joined:
    Feb 19, 2019
    Messages:
    9
    Likes Received:
    2
    Trophy Points:
    3
    Location:
    Canada
    cPanel Access Level:
    Root Administrator
    Ticket ID: 11490523
     
  9. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    5,707
    Likes Received:
    436
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @Morphime


    Thanks! I'm following that ticket and I'll update this thread with the outcome.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  10. Morphime

    Morphime Member

    Joined:
    Feb 19, 2019
    Messages:
    9
    Likes Received:
    2
    Trophy Points:
    3
    Location:
    Canada
    cPanel Access Level:
    Root Administrator
    A little update on my side, even after opening a ticket and talking to a cpanel support member, the problem persist... i got sggested to go back to http1.1...
    I also noticed even my cpanel backups have some privileges issue now. backup seems fine on the server itself but when transferer to an additionnal destination using sftp, same privileges problem persist. I really wanted http2 but seems like theres too many bugs with privileges problem with cgi so i might really consider going back to http1.1
     
  11. Morphime

    Morphime Member

    Joined:
    Feb 19, 2019
    Messages:
    9
    Likes Received:
    2
    Trophy Points:
    3
    Location:
    Canada
    cPanel Access Level:
    Root Administrator
    Another update... somehow, chown user:user started working randomly today... everything seems to be fixed but "FOR HOW LONG" ?
    I'm gonna keep making test and monitor all those privileges problems but it seem inconsistant. I didnt touch anything during the weekend and this morning but now its working.
     
  12. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    5,707
    Likes Received:
    436
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @Morphime

    I'm really glad to hear it's working, if you do experience any further issues with this I'd like to see if you can please open a ticket. You can do so with the link in my signature.

    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice