upcp is changing httpd.conf to 600 this break many fantastico installation

[BianchiDude]

upcp is changing httpd.conf to 600 this break many fantastico installation

Why is upcp changing httpd.conf to 600?

I have custom scripts that need to access it, i need it to stay 644, also fantastico needs it to be 644.

Is anyone else having this problem? How can I prevent upcp form chaning it?

 

[kosmo]

The latest Fantastico version 2.8.8 r10 doesn't need any more access to httpd.conf.

kosmo

 

[BianchiDude]

My custom scripts still need access to it.

 

[chirpy]

How can I prevent upcp form chaning it?

You can't, that is how it now works from EDGE onwards. You'll have to change how your scripts work.

 

[kosmo]

My custom scripts still need access to it.

I suggest to open a bugzilla ticket requesting to make it a WHM Tweak Settings option. This would make sense, in particular for individuals with a few trusted accounts on a server.

kosmo

 

[cPanelNick]

upcp is changing httpd.conf to 600 this break many fantastico installation

Why is upcp changing httpd.conf to 600?

I have custom scripts that need to access it, i need it to stay 644, also fantastico needs it to be 644.

Is anyone else having this problem? How can I prevent upcp form chaning it?

Why do you need to read httpd.conf?

Sadly, in general

Security = 1/Convience

another way of saying that

security is inversely proportional to convenience

 

[internetfab]

Doesnt cpanel need it to read the subdomain and parked domain info?
Getting an error on customers cpanel every day saying that httpd.conf cant be read and we keep changing it each day.. sigh

 

[BianchiDude]

What security issues? What is in httpd.conf that will give me access to the server?

 

[PWSowner]

What security issues? What is in httpd.conf that will give me access to the server?

Account usernames for starters. Lots of general data.

 

[silversurfer]

We have clients complaining today of this error in Cpanel :

[an error occurred while processing this directive] Dedicated Ip Address
[an error occurred while processing this directive]
[an error occurred while processing this directive]

etc. Changing it to 644 fix it.

This is on c131.

 

[chirpy]

Well, unless edge fixes that problem you should log it in bugzilla.

 

[silversurfer]

Well the number of issues needing an update to edge to fix this 2 days is just too much... oh well.

 

[BianchiDude]

Account usernames for starters. Lots of general data.

WHAT? like at hacker is going to check httpd.conf for usernames when /etc/passwd is world readable. Does anyone know of an actual security issue?

 

[chirpy]

It is a serious security issue having access to httpd.conf because of the information that it contains. Security is about layers and preventing access to one file helps build up that security. Users should not have general access to httpd.conf and it's excellent that cPanel have developed a way to block that. It's unfortunate that it's broken something for you, but you'll simply have to work around the issue as it's not going to go away.

 

[BianchiDude]

It is a serious security issue having access to httpd.conf because of the information that it contains. Security is about layers and preventing access to one file helps build up that security. Users should not have general access to httpd.conf and it's excellent that cPanel have developed a way to block that. It's unfortunate that it's broken something for you, but you'll simply have to work around the issue as it's not going to go away.

Ok, thanks for the info, ill just create a sudo command to cat it.

 

[techark]

Does more than breaks Fantastico it also means users cannot manage addon or parked domains from cpanel any longer. They just get the cannot read httpd.conf premission errors when they try.

This is silly.

 

[techark]

Why do you need to read httpd.conf?

Sadly, in general

Security = 1/Convience

another way of saying that

security is inversely proportional to convenience

Well I do not but your own software does. Cannot manage addon or parked doamins via cpanel anylonger. At least test your changes before you go off changing things and making a statement like that.

 

[tgibobby]

Add a cron to chmod httpd.conf 644 after every upcp

 

[haze]

Well I do not but your own software does. Cannot manage addon or parked doamins via cpanel anylonger. At least test your changes before you go off changing things and making a statement like that.

You have made a decision to use the Edge release, thus you have taken the choice to use a NON STABLE TESTING RELEASE! You report bugs, cPanel fixes them and eventually releases a Current > Release then Stable build. You need to expect that such issues will arise when you make a decision to use Edge on production systems.

You can not fault cPanel for your own ignorance, and you can not fault them for improving security. They have workarounds, and they have a proper means of reporting such issues ( bugzilla.cpanel.net ). Also, contact the vendor of any 3rd party software that doesn't work as that is far from cPanels responsibility.

 

[silversurfer]

ummm.. I am on Current build btw.