The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Stopping fileprotect rewriting acls of folders

Discussion in 'General Discussion' started by jascott, May 23, 2013.

  1. jascott

    jascott Member

    Joined:
    May 17, 2013
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi,

    I am currently setting up an environment where users in groups can edit files around the /home directory depending on their group permissions. For example;

    GroupA can access;
    /home/site1/public_html
    /home/site2/public_html

    GroupB can access;
    /home/site2/public_html
    /home/site3/public_html

    On top of that, I'm allowing the web user of site2 to access the files inside site1 as it might require them. To achieve this, I use ACLs on the filesystem to give the correct permissions. This all works fine, however when I run any Easyapache update (even with fileprotect disabled), these ACLs get completely reset.

    Is there any way to safely disable these scripts? I would just rm the enable/disablefileprotect scripts however I would assume they would reappear after a upcp and then execute in future without knowledge.

    Thanks :)
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    It's generally not advised to disable FileProtect due to security concerns. However, you can disable it by running the following command:

    Code:
    # /scripts/disablefileprotect
    You will also need to ensure it's not selected in the EasyApache build profile. If the issue persists, could you provide an example of an ACL that is reset?

    Thank you.
     
  3. jascott

    jascott Member

    Joined:
    May 17, 2013
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi Michael,

    Thank you for the reply :) I'm aware of the security concerns, for the most part I actually apply the same level as enablefileprotect but then add on top of it my own custom acls.

    Unfortunately even disablefileprotect changes the ACL of the home folders to;
    # file: site1
    # owner: site1
    # group: site1
    user::rwx
    group::r-x
    group:mail:--x
    group:mailnull:--x
    group:ftp:--x
    group:nobody:--x
    group:cpanel:--x
    group:65535:--x
    mask::r-x
    other::---

    When originally it was like (not completely accurate but to give an idea);
    user::rwx
    user:site1:r-x
    user:site2:r-x
    group::--x
    group:mail:--x
    group:mailnull:--x
    group:ftp:--x
    group:nobody:--x
    group:group1:rwx
    group:cpanel:--x
    group:65535:--x
    mask::rwx
    other::---
    default:user::rwx
    default:user:site1:r-x
    default:user:site2:r-x
    default:group::--x
    default:group:group1:rwx
    default:mask::rwx
    default:eek:ther::---

    Thanks :)
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  5. jascott

    jascott Member

    Joined:
    May 17, 2013
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Ah, this is perfect! So just re-apply the ACLs on Easyapache end.

    Just brainstormed another idea with moving the site2 (which is a services layer shared by all other sites) to a non-home directory (like /opt/services) and ACL from there.

    Many thanks :)
     
Loading...
Similar Threads - Stopping fileprotect rewriting
  1. StoneyCreeker
    Replies:
    7
    Views:
    394

Share This Page