SOLVED Why does 'nobody' have to be the public_html group?

ItsMattSon

Well-Known Member
Sep 5, 2016
182
38
153
Perth
cPanel Access Level
Root Administrator
Hi all,

Would anybody be able to explain why the public_html directory in all of my accounts has to have 'nobody' set as the group?

When I set the user as user:group (chown username:username /home/username/public_html), the web page doesn't load anymore. In fact, it displays 403 Forbidden but I can't determine why?

Is it possible to change the Group to the user where the site will remain accessible?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,261
463
Hello,

The group owner depends on the PHP handler and if Apache File Protect is enabled. Could you verify which PHP handler is configured for the version of PHP assigned to the account, and whether Mod_Ruid2 is enabled?

Thank you.
 

ItsMattSon

Hi cPanelMichael,

I'm using SuPHP as handler and also running PHP-FPM so I'm not sure what scripts will run as in that scenario haha. Assuming still the account?

I've decided I don't need to adjust the setup after all so no need to invest time in this thread anymore :)

Curious though as to why nobody is the group for public_html rather than the account name (like all the files/sub dirs)?
 

ItsMattSon

Hi @cPanelMichael,

That was helpful - Thanks.

Noticed in the documentation for FileProtect that it is enabled by default on Basic, Mod Ruid2 and MPM ITK but I actually chose mod_mpm_worker for reasons I forget now.

All account public_html directories definitely have group as nobody though so I am wondering if it's enabled by default for mod_mpm_worker as well?

Rather than run the script to enable it, is there a quick and easy way to check it's enabled by command line or in WHM?

Thanks in advance!
 

cPanelMichael

Hello,

As of cPanel 62, it defaults to on and is controlled via "WHM >> Tweak Settings". Here's the relevant section of the cPanel 62 Release Notes:

Enable FileProtect with Apache
This setting allows you to specify whether FileProtect is enabled on the system. FileProtect improves the security of each user's public_html directory. If you disable this setting, each user's directory will be at risk.

This setting defaults to On.

Thank you.
 
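Added example, not part of the thread and not cPanel's own tooling: a shell audit that classifies each public_html by owner, group and mode, which also shows why `chown username:username` on the directory ends in 403 Forbidden. It assumes Apache runs as user and group `nobody` and that the FileProtect layout is `<account>:nobody` with mode 0750; the function names `classify_docroot` and `audit_homes` are hypothetical and the sample rows are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions: Apache runs as user and
# group "nobody"; the FileProtect layout is <account>:nobody with mode 0750.
WEB_USER=${WEB_USER:-nobody}

# classify_docroot ACCOUNT OWNER GROUP MODE  (MODE is octal, as from stat %a)
# Prints: fileprotect | forbidden | world-accessible | nonstandard
classify_docroot() {
    account=$1; owner=$2; group=$3
    padded=$(printf '%04o' "0$4")        # "750" -> "0750", "2750" -> "2750"
    rest=${padded#?}                     # drop setuid/setgid/sticky digit
    u=${rest%??}; g=${rest#?}; g=${g%?}; o=${rest#??}

    # Pick the permission class that applies to the web server process.
    if [ "$owner" = "$WEB_USER" ]; then bits=$u
    elif [ "$group" = "$WEB_USER" ]; then bits=$g
    else bits=$o
    fi

    if [ "$owner" = "$account" ] && [ "$group" = "$WEB_USER" ] && [ "$rest" = 750 ]; then
        echo fileprotect
    elif [ $((bits & 1)) -eq 0 ]; then
        echo forbidden                   # no search (x) bit: Apache answers 403
    elif [ "$o" -ne 0 ]; then
        echo world-accessible            # other local accounts can get in too
    else
        echo nonstandard
    fi
}

# audit_homes [BASE]: classify every BASE/*/public_html (GNU stat assumed).
audit_homes() {
    base=${1:-/home}
    for dir in "$base"/*/public_html; do
        [ -d "$dir" ] || continue
        account=$(basename "$(dirname "$dir")")
        set -- $(stat -c '%U %G %a' "$dir")
        printf '%s\t%s:%s %s\t%s\n' "$account" "$1" "$2" "$3" \
            "$(classify_docroot "$account" "$1" "$2" "$3")"
    done
}

# Constructed sample rows: account owner group mode
while read -r a ow gr m; do
    printf '%s %s:%s %s -> %s\n' "$a" "$ow" "$gr" "$m" "$(classify_docroot "$a" "$ow" "$gr" "$m")"
done <<'EOF'
alice alice nobody 750
alice alice alice 750
alice alice alice 755
EOF
```

Running `audit_homes /home` as root prints one line per account; any row that is not `fileprotect` is worth a look before changing ownership by hand.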