Skip to main content

Folder permissions automatically reverted

PatrickVeenstra
I have an addon domain in its own folder $HOME/domain, the main domain is obviously in $HOME/public_html Once in a while (in this case November 1, November 23 and December 6 -the exact date may be wrong, it's the date I noticed) the permissions of that folder are changed to 755 back from 777. What process, cronjob, etc. modifies folder permissions? p.s. the owner is the user, not nobody:nogroup or nobody:nobody. Would changing that be a fix? (it would allow to use the 755 permission). ref:

Comments

17 comments

Date Votes
  • cPanelLauren
    Hi @PatrickVeenstra There shouldn't be any cron that changes file permissions. The only thing I can think of is fileprotect: ls -lah /scripts/ |grep fileprotect -rwxr-xr-x 1 root root 3.1K Jun 26 14:14 disablefileprotect -rwxr-xr-x 1 root root 3.1K Jul 18 09:18 enablefileprotect
    If you run the script to disable fileprotect does the issue persist? Thanks!
    0
  • PatrickVeenstra
    I've just ran the script. I'll let you know in a couple of weeks I guess. Thanks.
    0
  • cPanelLauren
    Hi @PatrickVeenstra I would assume it's happening during an update, you could try running the update process to see if anything changes.
    0
  • PatrickVeenstra
    Just checked and permissions were reverted again. "fixed" it, recompiled Apache (EasyApache) and it was reverted again :(
    0
  • rpvw
    Check to see if you have enabled WHM " Server Configuration " Tweak Settings > Security > Enable File Protect This option enables the EasyApache FileProtect module, which improves the security of each user"s public_html director Security section of WHM's The EasyApache 4 FileProtect Option - EasyApache 4 - cPanel Documentation
    0
  • PatrickVeenstra
    Thanks but Enable File Protect is Off
    0
  • rpvw
    [quote] Note: When you disable this option, EasyApache sets these files to 0755 permissions.
    Is that not what you are seeing ?
    the permissions of that folder are changed to 755 back from 777.

    0
  • PatrickVeenstra
    Correct, when you disable it it sets 755 when you enable it 750
    0
  • rpvw
    Now I am confused. 755 is the correct and default permission level for cPanel folders - why would you want them to be 777 which is inherently too permissive and insecure, and opens the folder and its content for any process to use for malware ? I don't think the folders should have ever been changed to 777 in the first place !
    0
  • PatrickVeenstra
    I want Apache to create a directory and write a few files. It's a single user server and performance is a must.
    0
  • cPanelLauren
    I want Apache to create a directory and write a few files. It's a single user server and performance is a must.

    That didn't really answer the question and I believe I misunderstood the original question. The issue you're having is that Files/Folders aren't staying with 777 perms. What PHP handler are you running? I'm not entirely sure this matters though, where are you trying to create the folder?
    0
  • PatrickVeenstra
    I'm creating them in $HOME/subdomain (e.g. $HOME/subdomain/AA) I used to run Apache 2.2 with DSO, but right now I'm running Apache 2.4 with PHP 5.6 and 7.1 in cgi. That specific account is using 5.6.
    0
  • cPanelLauren
    Hi @PatrickVeenstra You might try running DSO again, you can get it in EasyApache - just search DSO in PHP Extensions. One word of warning though you can only have it installed/active on one PHP version at a time. The documentation here might help in explaining why what's happening is PHP Handlers - EasyApache 4 - cPanel Documentation
    0
  • PatrickVeenstra
    So there's no way to keep permissions? The only way would be to check permissions and setup a cron job to modify them if needed? Isn't there some way to execute a script after easy-apache runs? (to run a shell script to re-modify permissions) edit: Reading the old EA3 documentation: Script Hooks - EasyApache - cPanel Documentation Can I create a shell script named /scripts/posteasyapache to chmod that particular directory?
    0
  • cPanelLauren
    Hi @PatrickVeenstra A hook would work, only if you've determined the exact thing that triggers the permissions changes. Since EA4 the EasyApache process has changed so they're no longer relevant for EasyApache specifically but you could create one: Guide to Standardized Hooks - Hookable Events - Developer Documentation - cPanel Documentation
    0
  • PatrickVeenstra
    So there's no Apache build hook anymore? Should I hook UPCP? That wouldn't work with a manual rebuild of Apache. What can I hook? Another "solution" would be to change the directory owner to nobody (as I see now, half of the folders in there are already owned by nobody), but....
    0
  • rpvw
    As @cPanelLauren suggested, change the PHP handler for that account to one that will execute your PHP as the account user rather than 'nobody' (eg DSO + mod_mpm_itk or mod_ruid2 OR suPHP + mod_suphp). That way you will be able to write to the folder using the standard permissions mask, without having to make it world writeable, which would make it altogether more secure. See PHP Handlers - EasyApache 4 - cPanel Documentation for full details
    0

Please sign in to leave a comment.

Didn't find what you were looking for?

New post