Stopping fileprotect rewriting acls of folders

jascott

Member
May 17, 2013
5
0
1
cPanel Access Level
Root Administrator
Hi,

I am currently setting up an environment where users in groups can edit files around the /home directory depending on their group permissions. For example;

GroupA can access;
/home/site1/public_html
/home/site2/public_html

GroupB can access;
/home/site2/public_html
/home/site3/public_html

On top of that, I'm allowing the web user of site2 to access the files inside site1 as it might require them. To achieve this, I use ACLs on the filesystem to give the correct permissions. This all works fine, however when I run any Easyapache update (even with fileprotect disabled), these ACLs get completely reset.

Is there any way to safely disable these scripts? I would just rm the enable/disablefileprotect scripts however I would assume they would reappear after a upcp and then execute in future without knowledge.

Thanks :)
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,201
363
Hello :)

It's generally not advised to disable FileProtect due to security concerns. However, you can disable it by running the following command:

Code:
# /scripts/disablefileprotect
You will also need to ensure it's not selected in the EasyApache build profile. If the issue persists, could you provide an example of an ACL that is reset?

Thank you.
 

jascott

Member
May 17, 2013
5
0
1
cPanel Access Level
Root Administrator
Hi Michael,

Thank you for the reply :) I'm aware of the security concerns, for the most part I actually apply the same level as enablefileprotect but then add on top of it my own custom acls.

Unfortunately even disablefileprotect changes the ACL of the home folders to;
# file: site1
# owner: site1
# group: site1
user::rwx
group::r-x
group:mail:--x
group:mailnull:--x
group:ftp:--x
group:nobody:--x
group:cpanel:--x
group:65535:--x
mask::r-x
other::---

When originally it was like (not completely accurate but to give an idea);
user::rwx
user:site1:r-x
user:site2:r-x
group::--x
group:mail:--x
group:mailnull:--x
group:ftp:--x
group:nobody:--x
group:group1:rwx
group:cpanel:--x
group:65535:--x
mask::rwx
other::---
default:user::rwx
default:user:site1:r-x
default:user:site2:r-x
default:group::--x
default:group:group1:rwx
default:mask::rwx
default:eek:ther::---

Thanks :)
 

jascott

Member
May 17, 2013
5
0
1
cPanel Access Level
Root Administrator
Ah, this is perfect! So just re-apply the ACLs on Easyapache end.

Just brainstormed another idea with moving the site2 (which is a services layer shared by all other sites) to a non-home directory (like /opt/services) and ACL from there.

Many thanks :)