Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

[Resolved] suphp with shared files

Discussion in 'Security' started by kitsguru, Oct 1, 2012.

  1. kitsguru

    kitsguru Member

    Apr 30, 2011
    Likes Received:
    Trophy Points:
    I am using:
    • WHM 11.32.4 (build 15)
    • Apache 2.2.3
    • php 5.2.14
    • suphp 0.7.1
    • REDHAT Enterprise 5.8 x86_64 standard

    The other day I ran easyapache to install a new version of ioncube. I kept all other other settings as is.

    My problem is that I have two sites that share a php installation and up until I ran the update, everything was fine. Now I am getting a permissions error when siteA tries to execute the php files from siteB. SiteB works fine.

    I use suphp with suexec on.
    I have added siteA owner to siteB group.
    File permissions for siteB php files are 664, directory 755.
    I have excluded open_basedir for siteA

    suphp config:
    ; Security options

    I have not made any changes to the vhost configuration files.

    I can not figure out why I am getting a permissions error. Other than the ioncube loader which is not used by these files, I do not see any other changes.

    Any suggestions are appreciated.
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Apr 11, 2011
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Root Administrator
    Hello :)

    Sharing files between accounts is not considered a good security practice in my opinion. Have you considered copying the files that these users share so they exist under both accounts? Or, you might consider converting one of the domain names to an addon domain name under the other account if both accounts are connected and share dynamic content.

    Thank you.
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. kitsguru

    kitsguru Member

    Apr 30, 2011
    Likes Received:
    Trophy Points:
    Thank you for your suggestion, but not an appropriate solution to my problem for various reasons. Since I was using a group level permission which is perfectly safe for file execution, the security is not an issue. Add-on domain is not appropriate as it is different content. Copying the files is a license issue so no go there.

    Anyway I found the problem and was able to fix it.

    public_html had username/nobody 750 permissions which blocked access to the php files I needed. I simply changed the permissions to 751. The remaining files are username/group protected.
    #3 kitsguru, Oct 4, 2012
    Last edited: Oct 4, 2012

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice