Question
What's the importance of running scripts as the user?
Answer
Scripts installed for a cPanel user's website should be run as the cPanel user, and not as the nobody user (which is what Apache itself runs as on cPanel servers) because it allows better isolation between users on the server. If code for websites runs as nobody and the nobody user has write access to the files and folders for websites, then one user with a hacked or malicious website can result in other websites for other users being compromised as well. Aside from that, if the nobody user does not have write permissions to the files and folders for a website, and you are running things as nobody, sites are likely to experience permission-related failures (such as being unable to update WordPress because it cannot change the files). For security and to prevent file permission issues, it is best to have website code running as the user that owns the website.
There are several different ways of ensuring that website code runs as the user who owns that website. All of our profiles include packages for this, though the exact ones differ between them. If you make customizations to the Apache profile, you should ensure that any code from a user's website will be run as the user. The one exception to this is if you have only one user on your server, in which case it is not important. You should have either mod_ruid2 or mod_suexec installed.
Please note, if you use mod_suexec, your sites will have to use the suphp, PHP-FPM, lsapi, or lsphp PHP handlers so that scripts are executed as the site owner.
Please note, that if you customize the Default profile to change MPM from Prefork to Worker or Event, mod_ruid2 will be uninstalled.
Comments
0 comments
Article is closed for comments.