[Resolved] suphp with shared files

kitsguru

I am using:
  • WHM 11.32.4 (build 15)
  • Apache 2.2.3
  • php 5.2.14
  • suphp 0.7.1
  • REDHAT Enterprise 5.8 x86_64 standard


The other day I ran easyapache to install a new version of ioncube. I kept all other settings as is.

My problem is that I have two sites that share a php installation and up until I ran the update, everything was fine. Now I am getting a permissions error when siteA tries to execute the php files from siteB. SiteB works fine.

I use suphp with suexec on.
I have added siteA owner to siteB group.
File permissions for siteB php files are 664, directory 755.
I have excluded open_basedir for siteA.

suphp config:
; Security options
allow_file_group_writeable=true
allow_file_others_writeable=false
allow_directory_group_writeable=true
allow_directory_others_writeable=false
check_vhost_docroot=false
userdir_overrides_usergroup=true
paranoid_uid_check=true
paranoid_gid_check=true

I have not made any changes to the vhost configuration files.

I cannot figure out why I am getting a permissions error. Other than the ioncube loader, which is not used by these files, I do not see any other changes.

Any suggestions are appreciated.
 

cPanelMichael

Hello :)

Sharing files between accounts is not considered a good security practice in my opinion. Have you considered copying the files that these users share so they exist under both accounts? Or, you might consider converting one of the domain names to an addon domain name under the other account if both accounts are connected and share dynamic content.

Thank you.
 

kitsguru

> Hello :)
>
> Sharing files between accounts is not considered a good security practice in my opinion. Have you considered copying the files that these users share so they exist under both accounts? Or, you might consider converting one of the domain names to an addon domain name under the other account if both accounts are connected and share dynamic content.
>
> Thank you.

Thank you for your suggestion, but it is not an appropriate solution to my problem for various reasons. Since I was using a group-level permission, which is perfectly safe for file execution, the security is not an issue. An add-on domain is not appropriate as it is different content. Copying the files is a license issue, so no go there.

Anyway I found the problem and was able to fix it.

public_html had username/nobody 750 permissions which blocked access to the php files I needed. I simply changed the permissions to 751. The remaining files are username/group protected.
 
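The fix above comes down to directory search permission: with public_html owned username/nobody at 750, a user who is neither the owner nor in group nobody falls into the "other" class and cannot traverse it, whatever the modes on the files below. As an added example (not part of the thread), this Python sketch walks each path component and reports the first one that blocks a given user. The uids, gids, the 711 home directory modes and the /home/siteB paths are constructed, and it models classic mode bits only (no ACLs, no root override).

```python
import os
import stat

# Constructed ids for illustration; the thread gives no numeric values.
SITEA_UID, SITEB_UID, SITEB_GID, NOBODY_GID = 1001, 1002, 1002, 99
SITEA_GIDS = {1001, SITEB_GID}   # siteA owner was added to siteB's group

def perm_class(mode, owner, group, uid, gids):
    """rwx triplet (0-7) that applies: owner bits, else group bits, else other bits."""
    if uid == owner:
        return (mode >> 6) & 7
    if group in gids:
        return (mode >> 3) & 7
    return mode & 7

def first_blocker(entries, uid, gids):
    """entries: (name, mode, owner, group, is_dir) from / down to the script.
    Directories need search (x=1); the final file needs read (r=4).
    Returns the first component that denies access, or None if the path is reachable."""
    for name, mode, owner, group, is_dir in entries:
        need = 1 if is_dir else 4
        if not perm_class(mode, owner, group, uid, gids) & need:
            return name
    return None

def walk(path):
    """Build entries for a real path by stat()ing every component (like `namei -l`)."""
    entries, cur = [], os.sep
    for part in [""] + os.path.realpath(path).strip(os.sep).split(os.sep):
        cur = os.path.join(cur, part)
        st = os.stat(cur)
        entries.append((cur, stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid,
                        stat.S_ISDIR(st.st_mode)))
    return entries

def sample_chain(public_html_mode):
    """Constructed layout matching the thread: files 664, directories 755,
    public_html owned username/nobody."""
    return [
        ("/", 0o755, 0, 0, True),
        ("/home", 0o711, 0, 0, True),
        ("/home/siteB", 0o711, SITEB_UID, SITEB_GID, True),
        ("/home/siteB/public_html", public_html_mode, SITEB_UID, NOBODY_GID, True),
        ("/home/siteB/public_html/lib", 0o755, SITEB_UID, SITEB_GID, True),
        ("/home/siteB/public_html/lib/shared.php", 0o664, SITEB_UID, SITEB_GID, False),
    ]

if __name__ == "__main__":
    for mode in (0o750, 0o751):
        print(oct(mode), "->", first_blocker(sample_chain(mode), SITEA_UID, SITEA_GIDS))
```

On a live server, `first_blocker(walk("/path/to/script.php"), uid, gids)` runs the same check against real stat() data for the uid and group set of the account that gets the error.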