[Resolved] suphp with shared files

Discussion in 'Security' started by kitsguru, Oct 1, 2012.

  1. kitsguru

    kitsguru Member

    I am using:
    • WHM 11.32.4 (build 15)
    • Apache 2.2.3
    • php 5.2.14
    • suphp 0.7.1
    • REDHAT Enterprise 5.8 x86_64 standard


    The other day I ran easyapache to install a new version of ioncube. I kept all other settings as is.

    My problem is that I have two sites that share a php installation and up until I ran the update, everything was fine. Now I am getting a permissions error when siteA tries to execute the php files from siteB. SiteB works fine.

    I use suphp with suexec on.
    I have added siteA owner to siteB group.
    File permissions for siteB php files are 664, directory 755.
    I have excluded open_basedir for siteA

    suphp config:
    ; Security options
    allow_file_group_writeable=true
    allow_file_others_writeable=false
    allow_directory_group_writeable=true
    allow_directory_others_writeable=false
    check_vhost_docroot=false
    userdir_overrides_usergroup=true
    paranoid_uid_check=true
    paranoid_gid_check=true

    I have not made any changes to the vhost configuration files.

    I cannot figure out why I am getting a permissions error. Other than the ioncube loader, which is not used by these files, I do not see any other changes.

    Any suggestions are appreciated.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello :)

    Sharing files between accounts is not considered a good security practice in my opinion. Have you considered copying the files that these users share so they exist under both accounts? Or, you might consider converting one of the domain names to an addon domain name under the other account if both accounts are connected and share dynamic content.

    Thank you.
     
  3. kitsguru

    kitsguru Member

    Thank you for your suggestion, but it is not an appropriate solution to my problem for various reasons. Since I was using a group-level permission, which is perfectly safe for file execution, the security is not an issue. Add-on domain is not appropriate as it is different content. Copying the files is a license issue, so no go there.

    Anyway I found the problem and was able to fix it.

    public_html had username/nobody 750 permissions which blocked access to the php files I needed. I simply changed the permissions to 751. The remaining files are username/group protected.
     
    #3 kitsguru, Oct 4, 2012
    Last edited: Oct 4, 2012
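
The fix described in post #3, as an added example that is not part of the original thread: a script running as siteA's user needs search (x) permission on every directory leading to siteB's files, and 750 on a public_html owned username/nobody gives "other" none. The function names, the temporary tree and the siteA uid/gid are constructed for illustration; because ownership cannot be changed without root, siteA is modelled as "other" on every directory.

```python
import os
import stat
import tempfile

def permission_class(st, uid, gids):
    """Pick the single POSIX class (owner, group or other) that applies."""
    if st.st_uid == uid:
        return "owner"
    return "group" if st.st_gid in gids else "other"

def can_search(st, uid, gids):
    """True if the mode bits grant search (x) on this directory."""
    bit = {"owner": stat.S_IXUSR, "group": stat.S_IXGRP,
           "other": stat.S_IXOTH}[permission_class(st, uid, gids)]
    return bool(st.st_mode & bit)

def first_blocked_dir(target, uid, gids, root):
    """First directory from root to target's parent lacking x, else None."""
    rel = os.path.relpath(os.path.dirname(target), root)
    current, chain = root, [root]
    for part in (p for p in rel.split(os.sep) if p != "."):
        current = os.path.join(current, part)
        chain.append(current)
    for directory in chain:
        if not can_search(os.stat(directory), uid, gids):
            return directory
    return None

def demo():
    """Constructed tree standing in for siteB's account (not real paths)."""
    with tempfile.TemporaryDirectory() as tmp:
        home = os.path.join(tmp, "siteB")
        docroot = os.path.join(home, "public_html")
        lib = os.path.join(docroot, "lib")
        os.makedirs(lib)
        script = os.path.join(lib, "shared.php")  # path only; dirs are checked
        os.chmod(home, 0o711)
        os.chmod(lib, 0o755)
        # Hypothetical siteA identity: not the owner, not in the dir's group.
        uid, gids = os.stat(home).st_uid + 1, {os.stat(home).st_gid + 1}
        results = []
        for mode in (0o750, 0o751):
            os.chmod(docroot, mode)
            blocked = first_blocked_dir(script, uid, gids, root=home)
            results.append(blocked and os.path.relpath(blocked, home))
        return results

if __name__ == "__main__":
    print(demo())
```

With 750 the walk stops at public_html; with 751 "other" can traverse the directory but still cannot list it, since the read bit stays off.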