Stopping fileprotect rewriting acls of folders

J

jascott

Member
May 17, 2013
5
0
1
cPanel Access Level
Root Administrator
Hi,

I am currently setting up an environment where users in groups can edit files around the /home directory depending on their group permissions. For example;

GroupA can access;
/home/site1/public_html
/home/site2/public_html

GroupB can access;
/home/site2/public_html
/home/site3/public_html

On top of that, I'm allowing the web user of site2 to access the files inside site1 as it might require them. To achieve this, I use ACLs on the filesystem to give the correct permissions. This all works fine, however when I run any Easyapache update (even with fileprotect disabled), these ACLs get completely reset.

Is there any way to safely disable these scripts? I would just rm the enable/disablefileprotect scripts however I would assume they would reappear after a upcp and then execute in future without knowledge.

Thanks :)
 
cPanelMichael

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,258
463
Hello :)

It's generally not advised to disable FileProtect due to security concerns. However, you can disable it by running the following command:

Code: 
# /scripts/disablefileprotect
You will also need to ensure it's not selected in the EasyApache build profile. If the issue persists, could you provide an example of an ACL that is reset?

Thank you.
 
J

jascott

Member
May 17, 2013
5
0
1
cPanel Access Level
Root Administrator
Hi Michael,

Thank you for the reply :) I'm aware of the security concerns, for the most part I actually apply the same level as enablefileprotect but then add on top of it my own custom acls.

Unfortunately even disablefileprotect changes the ACL of the home folders to;
# file: site1
# owner: site1
# group: site1
user::rwx
group::r-x
group:mail:--x
group:mailnull:--x
group:ftp:--x
group:nobody:--x
group:cpanel:--x
group:65535:--x
mask::r-x
other::---

When originally it was like (not completely accurate but to give an idea);
user::rwx
user:site1:r-x
user:site2:r-x
group::--x
group:mail:--x
group:mailnull:--x
group:ftp:--x
group:nobody:--x
group:group1:rwx
group:cpanel:--x
group:65535:--x
mask::rwx
other::---
default:user::rwx
default:user:site1:r-x
default:user:site2:r-x
default:group::--x
default:group:group1:rwx
default:mask::rwx
default:eek:ther::---

Thanks :)
 
cPanelMichael

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,258
463
You could implement an EasyApache script hook to run after EasyApache finishes. This is documented at:

EasyApache Hooks

Thank you.
 
J

jascott

Member
May 17, 2013
5
0
1
cPanel Access Level
Root Administrator
Ah, this is perfect! So just re-apply the ACLs on Easyapache end.

Just brainstormed another idea with moving the site2 (which is a services layer shared by all other sites) to a non-home directory (like /opt/services) and ACL from there.

Many thanks :)
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
M Homedir permissions and enablefileprotect File Management 0
C FileProtect exceptions? File Management 0
J What is fileprotect in EA3? File Management 1
R Stopping removal of public_html File Management 7
Vatoloco Stopping Brute Force FTP login attacks? File Management 9
Similar threads
Homedir permissions and enablefileprotect
FileProtect exceptions?
What is fileprotect in EA3?
Stopping removal of public_html
Stopping Brute Force FTP login attacks?
Top Bottom