Hello.
I am facing this problem every time I have to run Easyapache, or migrate to a new hardware, which is not the case (both).
We have a legacy tool that uses a repository of files and they must be shared (just for read access) between more than 2 cpanel accounts, while one of the account must have also create/write permissions.
With Centos 6.x and Apache 2.2 I succeded by following these rules (sorry if they are redundant or contradictory - they were defined along the years-):
- chmod a+x /home/[cpanel_account]/public_html. This must be run on every Apache recompile (using command line or by running Easy Apache from WHM).
- chmod g+w /home/[cpanel_account]/public_html, so shared dirs must be writable by the group.
- Symbolic links will give a permission denied message if one or more directories in the linked path are not world executable. ALSO, the physical directory must be OWNED by the account that symlinks to with WRITE purposes.
- You have to add the user to the apache group: usermod -a -G apache new_user
- Finally, the owner fo the shared directory has to be Apache: chgrp apache shared_dir
So now, after migrated to Centos 7.x and lastest stable Apache offered by cPanel configuration, I cannot make the symlinks to work for all accounts. Always for only one. No luck.
Worst of all, my cooking recipy is now wrong since it seems that the apache group dissapeared.
So any of you guys has faced the same problem? Is PHP suExec guilty, or is any workaround posssible to bypass these security controls? SElinux is disabled.
This is a totally closed cPanel installation. No hosting client will open any cpanel account. All cpanel/whm management is made by internal IT people.
I am facing this problem every time I have to run Easyapache, or migrate to a new hardware, which is not the case (both).
We have a legacy tool that uses a repository of files and they must be shared (just for read access) between more than 2 cpanel accounts, while one of the account must have also create/write permissions.
With Centos 6.x and Apache 2.2 I succeded by following these rules (sorry if they are redundant or contradictory - they were defined along the years-):
- chmod a+x /home/[cpanel_account]/public_html. This must be run on every Apache recompile (using command line or by running Easy Apache from WHM).
- chmod g+w /home/[cpanel_account]/public_html, so shared dirs must be writable by the group.
- Symbolic links will give a permission denied message if one or more directories in the linked path are not world executable. ALSO, the physical directory must be OWNED by the account that symlinks to with WRITE purposes.
- You have to add the user to the apache group: usermod -a -G apache new_user
- Finally, the owner fo the shared directory has to be Apache: chgrp apache shared_dir
So now, after migrated to Centos 7.x and lastest stable Apache offered by cPanel configuration, I cannot make the symlinks to work for all accounts. Always for only one. No luck.
Worst of all, my cooking recipy is now wrong since it seems that the apache group dissapeared.
So any of you guys has faced the same problem? Is PHP suExec guilty, or is any workaround posssible to bypass these security controls? SElinux is disabled.
This is a totally closed cPanel installation. No hosting client will open any cpanel account. All cpanel/whm management is made by internal IT people.
)