The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SECURITY ISSUE: Addon Domains in public_html / world rights permission

Discussion in 'Security' started by isolmrg, Oct 10, 2012.

  1. isolmrg

    isolmrg Member

    Joined:
    Oct 10, 2012
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Göttingen, Germany
    cPanel Access Level:
    Root Administrator
    as client in cpanel:
    if we add an "Addon Domain" and set the "Dokument Root Home :" just to /public_html
    the domain is added but now the rights of public_html are:

    drwxr-xr-x 17 user1 www 4096 10. Okt 13:29 public_html/

    now public_html can read and accessed by world

    before add a subdomain to public_html rights are:
    drwxr-x---

    what script set the rights in case of an addon domain added? can we workaround this?

    - - - Updated - - -

    btw: same in case of subdomain added
     
  2. isolmrg

    isolmrg Member

    Joined:
    Oct 10, 2012
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Göttingen, Germany
    cPanel Access Level:
    Root Administrator
    ok testet through cpanel support: intern bug ID is 61715

    hope fixed soon
     
  3. 50r

    50r Member

    Joined:
    Oct 9, 2012
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Vryheid, KwaZulu-Natal, South Africa
    cPanel Access Level:
    Root Administrator
    Hey with all these internet security risk i am new to hosting a virtual server and so sacred of the risks because am working so hard on my business. Do you mean setting an addon domain root home to public.html poses security risks?
     
  4. isolmrg

    isolmrg Member

    Joined:
    Oct 10, 2012
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Göttingen, Germany
    cPanel Access Level:
    Root Administrator
    yes, if an other customer on your system know other users path, he can switch into it and can list public_html content and may can open files into it
     
Loading...

Share This Page