The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Symlinks patch messes up system

Discussion in 'General Discussion' started by rhm.geerts, Apr 29, 2016.

  1. rhm.geerts

    rhm.geerts Active Member

    Joined:
    Jul 29, 2008
    Messages:
    43
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Maastricht
    cPanel Access Level:
    Root Administrator
    Hello.

    I used the option in WHM -> Easyapache to fix the followsymlinks security issue.

    However, after that was done, several users had issues.
    Several user files are owned by nobody (the apache user), which is logically because they were uploaded or installed using the browser (so not via ftp).

    For example if you have a file called birthday.gif it's like:
    /home/user/www/images/birthday.gif and owned by apache like:
    -rw-rw-rw- 1 nobody nobody 6820 Sep 24 2015 birthday.gif

    If you try to call that gif (or any other page or file owned by nobody) directly via the browser like:
    userdomain.com/images/birthday.gif you will get a 404 error as if the file does not exist, even if it's publicly readable and writable as in this example. That is wrong.

    Do I change the owner to the useraccount like this:
    -rw-rw-rw- 1 user user 6820 Sep 24 2015 birthday.gif
    then the file will be accessible directly via the browser (as should be) and the site is working correctly again.

    Now I could chown all files to the user, but that is not a solution because.
    1.) Doing that for all users is a whole bunch of work
    2.) When a user uses a browser upload it will be owned by nobody again and problem reoccurs
    3.) It should not work this way. When doing a symlink patch, it should prevent the followsymlink option, but it should not generate 404 errors on pages which do exist.

    Please help me with a fix for this.

    Addition: It's Centos 5, we're not using mod_ruid2, but dso with suphp.
     
    #1 rhm.geerts, Apr 29, 2016
    Last edited by a moderator: Apr 29, 2016
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    This is answered under the "FAQ" section of the following document, starting under the "What does the new Bluehost.com patch do?" question:

    Symlink Race Condition Protection - EasyApache - cPanel Documentation

    You will need to update the ownership values of those files to the account username, and consider switching to a handler such as suPHP.

    Thank you.
     
  3. rhm.geerts

    rhm.geerts Active Member

    Joined:
    Jul 29, 2008
    Messages:
    43
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Maastricht
    cPanel Access Level:
    Root Administrator
    I thought bluehost.com was something else. I fixed it via one of the other methods now.
     
Loading...

Share This Page