What's the importance of running scripts as the user?

Question

What's the importance of running scripts as the user?

Answer

Scripts installed for a cPanel user's website should be run as the cPanel user, and not as the nobody user (which is what Apache itself runs as on cPanel servers) because it allows better isolation between users on the server. If code for websites runs as nobody and the nobody user has write access to the files and folders for websites, then one user with a hacked or malicious website can result in other websites for other users being compromised as well. Aside from that, if the nobody user does not have write permissions to the files and folders for a website and you are running things as nobody, sites are likely to experience permission related failures (such as being unable to update WordPress because it cannot change the files). For security and to prevent file permission issues, it is best to have website code running as the user that owns the website. There are several different ways of ensuring this. All of our profiles include packages for it, though the exact ones differ between them. If you are making customizations to your own profile, you should ensure that any code from a user's website will be run as the user. The one exception to this is if you have only one user on your server, in which case it is not important. You should have either:

A. mod_ruid2 OR mpm_itk
B. CGI with mod_suexec (and any of mod_suphp/PHP-FPM/mod_lsapi/lsphp)

In particular, if you are customizing our Default profile to change the MPM away from Prefork to Worker or Event, mod_ruid2 will be uninstalled. I would suggest that you install at least mod_suexec any time you are uninstalling mod_ruid2.