SOLVED Why does 'nobody' have to be the public_html group?

ItsMattSon

Well-Known Member
Sep 5, 2016
182
38
103
Perth
cPanel Access Level
Root Administrator
Hi all,

Would anybody be able to explain why the public_html directoy in all of my accounts has to have 'nobody' set as the group?

When i set the user as user:group (chown username:username /home/username/public_html), the web page doesn't load anymore. In fact, it displays 403 Forbidden but I can't determine why?

Is it possible to change the Group to the user where the site will remain accessible?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
Hello,

The group owner depends on the PHP handler and if Apache File Protect is enabled. Could you verify which PHP handler is configured for the version of PHP assigned to the account, and whether Mod_Ruid2 is enabled?

Thank you.
 

ItsMattSon

Well-Known Member
Sep 5, 2016
182
38
103
Perth
cPanel Access Level
Root Administrator
Hi cPanelMichael,

I'm using SuPHP as handler and also running PHP-FPM so I'm not sure what scripts will run as in that scenario haha. Assuming still the account?

I've decided I don't need to adjust the setup after all so no need to invest time in this thread anymore :)

Curious though as to why nobody is the group for public_html rather than the account name (like all the files/sub dirs)?
 

ItsMattSon

Well-Known Member
Sep 5, 2016
182
38
103
Perth
cPanel Access Level
Root Administrator
Hi @cPanelMichael,

That was helpful - Thanks.

Noticed in the documentation for FileProtect that it is enabled by default on Basic, Mod Ruid2 and MPM ITK but I actually chose mod_mpm_worker for reasons I forget now.

All account public_html directories definitely have group as nobody though so I am wondering if it's enabled by default for mod_mpm_worker as well?

Rather than run the script to enable it, is there a quick and easy way to check it's enabled by command line or in WHM?

Thanks in advance!
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
Hello,

As of cPanel 62, it defaults to on and is controlled via "WHM >> Tweak Settings". Here's the relevant section the cPanel 62 Release Notes:

Enable FileProtect with Apache
This setting allows you to specify whether FileProtect is enabled on the system. FileProtect improves the security of each user's public_html directory. If you disable this setting, each user's directory will be at risk.

This setting defaults to On.
Thank you.
 
  • Like
Reactions: ItsMattSon