The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

User has no permission to do "chgrp nobody /home/user/public_html"

Discussion in 'General Discussion' started by Jare, Aug 26, 2015.

  1. Jare

    Jare Member

    Joined:
    Sep 25, 2014
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi,

    I have users that have a CMS installed in their public_html directory. Each user has a cron job that tells to execute a specific bash script that installs updates to the CMS using Composer. After the updating process has finished, file permissions, groups and ownerships are changed so that suPHP denies serving the site at all. To solve this, I have made the script to change the permissions, ownerships and groups back to how they should be: owner&group of every file/folder in public_html set to username:username, except for the public_html directory itself, whose group should be nobody instead of username, and no writing permission for the group.

    The only problem is that an account user does not have permission to do the chgrp nobody /home/username/public_html part. If I run the same script as root, it works just the way it should. So, how to make it work when executed by less privileged users?

    Thank you for your support!

    Here's the part of my script that handles file permissions: (current working directory at this point is /home/username/public_html)
    Code:
    chown $customer:$customer . -R
    chgrp nobody .
    chmod g-w . -R
    
    (I guess I should change "chmod g-w . -R" at some point to something like "chmod 755 . -R" or 750 to ensure others have no write access, but that's another topic. :) )
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Individual users will not have the privileges to change the ownership of a file or directory to "nobody". Are you able to modify the initial cron job so that it does not utilize invalid ownership and permission values?

    Thank you.
     
  3. Jare

    Jare Member

    Joined:
    Sep 25, 2014
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi,

    I don't think there is a way to make Composer not to change the ownership of public_html, although I have no clue why it does so in the first place. Can you advice me, why is it possible for a user to change the ownership of public_html at all? Can I deny that somewhere? It would make sense if the system protected this directory from being made unavailable for apache by mistake. :)
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    It might be an issue that the developers for that application will need to address. It likely happens if the application is installed as "root" and thus has access to change the ownership and permission values. Which PHP handler is in-use on this system?

    Thank you.
     
Loading...

Share This Page