Skip to main content

How can I disable the script that sets directories to 755

PatrickVeenstra
CPanel automatically executes a script that "fixes" permission of directories. ~/somefolder is set once in a while to 755. I suppose it's a security script, but FileProtect is disabled. What script modifies those permissions and how can I disable it?

Comments

23 comments

Date Votes
  • cPRex Jurassic Moderator
    Hey hey! The only thing I can think of on the cPanel side of things that will adjust the permissions is FileProtect, but you've already checked that. Is this a public_html directory or a different directory within a certain user's account?
    0
  • PatrickVeenstra
    It's the home directory of an add-on domain of a user account.
    0
  • cPRex Jurassic Moderator
    I don't believe there is anything else on the cPanel side besides FileProtect that would be making automated adjustments there. Does your server have any additional software configured like Puppet, or possibly a cron that is running? When you see the permissions reset, is this typically at the same time of day? It might be a good idea to setup an audit watch on the directory in question to see if that will let you identify the process that is making the change. That may show that crond is performing the work, and then you could dig deeper into crons on the system to see where the change is happening, as an example. We have some details on how to set this up here: Auditd - The Linux Auditing System
    0
  • PatrickVeenstra
    Thank you. I've just done so. I checked the directory once 24 hours after correcting the permissions, and they were still fine. After fixing them again yesterday, they're still correct now. Let's see what audit says.
    0
  • cPRex Jurassic Moderator
    Sounds like a plan - let me know what you find!
    0
  • PatrickVeenstra
    Here is the result: [CODE=bash]time->Thu Nov 12 01:22:10 2020 type=PROCTITLE msg=audit(1605140530.132:15551460): proctitle=2F7573722F6C6F63616C2F6370616E656C2F33726470617274792F62696E2F7065726C002F7573722F6C6F63616C2F6370616E656C2F736372697074732F64697361626C6566696C6570726F74656374 type=PATH msg=audit(1605140530.132:15551460): item=0 name="/home/account/addondomain" inode=28059201 dev=08:02 mode=040777 ouid=1003 ogid=1005 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=CWD msg=audit(1605140530.132:15551460): cwd="/" type=SYSCALL msg=audit(1605140530.132:15551460): arch=c000003e syscall=92 success=yes exit=0 a0=c928b0 a1=3eb a2=3ed a3=7ffde6b80920 items=1 ppid=6792 pid=6793 auid=0 uid=0 gid=0 euid=1003 suid=0 fsuid=1003 egid=1005 sgid=0 fsgid=1005 tty=(none) ses=481841 comm="disablefileprot" exe="/usr/local/cpanel/3rdparty/perl/530/bin/perl" key="cambios" ---- time->Thu Nov 12 01:22:10 2020 type=PROCTITLE msg=audit(1605140530.132:15551461): proctitle=2F7573722F6C6F63616C2F6370616E656C2F33726470617274792F62696E2F7065726C002F7573722F6C6F63616C2F6370616E656C2F736372697074732F64697361626C6566696C6570726F74656374 type=PATH msg=audit(1605140530.132:15551461): item=0 name="/home/account/addondomain" inode=28059201 dev=08:02 mode=040777 ouid=1003 ogid=1005 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=CWD msg=audit(1605140530.132:15551461): cwd="/" type=SYSCALL msg=audit(1605140530.132:15551461): arch=c000003e syscall=90 success=yes exit=0 a0=c928b0 a1=1ed a2=41 a3=7ffde6b80920 items=1 ppid=6792 pid=6793 auid=0 uid=0 gid=0 euid=1003 suid=0 fsuid=1003 egid=1005 sgid=0 fsgid=1005 tty=(none) ses=481841 comm="disablefileprot" exe="/usr/local/cpanel/3rdparty/perl/530/bin/perl" key="cambios" ---- time->Thu Nov 12 01:22:10 2020 type=PROCTITLE msg=audit(1605140530.132:15551462): proctitle=2F7573722F6C6F63616C2F6370616E656C2F33726470617274792F62696E2F7065726C002F7573722F6C6F63616C2F6370616E656C2F736372697074732F64697361626C6566696C6570726F74656374 type=PATH msg=audit(1605140530.132:15551462): item=0 name="/home/account/addondomain" inode=28059201 dev=08:02 mode=040755 ouid=1003 ogid=1005 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=CWD msg=audit(1605140530.132:15551462): cwd="/" type=SYSCALL msg=audit(1605140530.132:15551462): arch=c000003e syscall=92 success=yes exit=0 a0=cc9c30 a1=3eb a2=3ed a3=7f39a9de0111 items=1 ppid=6792 pid=6793 auid=0 uid=0 gid=0 euid=1003 suid=0 fsuid=1003 egid=1005 sgid=0 fsgid=1005 tty=(none) ses=481841 comm="disablefileprot" exe="/usr/local/cpanel/3rdparty/perl/530/bin/perl" key="cambios" ---- time->Thu Nov 12 01:22:10 2020 type=PROCTITLE msg=audit(1605140530.132:15551463): proctitle=2F7573722F6C6F63616C2F6370616E656C2F33726470617274792F62696E2F7065726C002F7573722F6C6F63616C2F6370616E656C2F736372697074732F64697361626C6566696C6570726F74656374 type=PATH msg=audit(1605140530.132:15551463): item=0 name="/home/account/addondomain" inode=28059201 dev=08:02 mode=040755 ouid=1003 ogid=1005 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=CWD msg=audit(1605140530.132:15551463): cwd="/" type=SYSCALL msg=audit(1605140530.132:15551463): arch=c000003e syscall=90 success=yes exit=0 a0=cc9c30 a1=1ed a2=41 a3=7f39a9de0111 items=1 ppid=6792 pid=6793 auid=0 uid=0 gid=0 euid=1003 suid=0 fsuid=1003 egid=1005 sgid=0 fsgid=1005 tty=(none) ses=481841 comm="disablefileprot" exe="/usr/local/cpanel/3rdparty/perl/530/bin/perl" key="cambios" ---- time->Thu Nov 12 01:22:10 2020 type=PROCTITLE msg=audit(1605140530.132:15551464): proctitle=2F7573722F6C6F63616C2F6370616E656C2F33726470617274792F62696E2F7065726C002F7573722F6C6F63616C2F6370616E656C2F736372697074732F64697361626C6566696C6570726F74656374 type=PATH msg=audit(1605140530.132:15551464): item=0 name="/home/account/addondomain" inode=28059201 dev=08:02 mode=040755 ouid=1003 ogid=1005 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=CWD msg=audit(1605140530.132:15551464): cwd="/" type=SYSCALL msg=audit(1605140530.132:15551464): arch=c000003e syscall=92 success=yes exit=0 a0=cc2b80 a1=3eb a2=3ed a3=2 items=1 ppid=6792 pid=6793 auid=0 uid=0 gid=0 euid=1003 suid=0 fsuid=1003 egid=1005 sgid=0 fsgid=1005 tty=(none) ses=481841 comm="disablefileprot" exe="/usr/local/cpanel/3rdparty/perl/530/bin/perl" key="cambios" ---- time->Thu Nov 12 01:22:10 2020 type=PROCTITLE msg=audit(1605140530.132:15551465): proctitle=2F7573722F6C6F63616C2F6370616E656C2F33726470617274792F62696E2F7065726C002F7573722F6C6F63616C2F6370616E656C2F736372697074732F64697361626C6566696C6570726F74656374 type=PATH msg=audit(1605140530.132:15551465): item=0 name="/home/account/addondomain" inode=28059201 dev=08:02 mode=040755 ouid=1003 ogid=1005 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=CWD msg=audit(1605140530.132:15551465): cwd="/" type=SYSCALL msg=audit(1605140530.132:15551465): arch=c000003e syscall=90 success=yes exit=0 a0=cc2b80 a1=1ed a2=41 a3=2 items=1 ppid=6792 pid=6793 auid=0 uid=0 gid=0 euid=1003 suid=0 fsuid=1003 egid=1005 sgid=0 fsgid=1005 tty=(none) ses=481841 comm="disablefileprot" exe="/usr/local/cpanel/3rdparty/perl/530/bin/perl" key="cambios" ---- time->Thu Nov 12 01:22:10 2020 type=PROCTITLE msg=audit(1605140530.132:15551466): proctitle=2F7573722F6C6F63616C2F6370616E656C2F33726470617274792F62696E2F7065726C002F7573722F6C6F63616C2F6370616E656C2F736372697074732F64697361626C6566696C6570726F74656374 type=PATH msg=audit(1605140530.132:15551466): item=0 name="/home/account/addondomain" inode=28059201 dev=08:02 mode=040755 ouid=1003 ogid=1005 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=CWD msg=audit(1605140530.132:15551466): cwd="/" type=SYSCALL msg=audit(1605140530.132:15551466): arch=c000003e syscall=92 success=yes exit=0 a0=c93150 a1=3eb a2=3ed a3=7f39a9de0111 items=1 ppid=6792 pid=6793 auid=0 uid=0 gid=0 euid=1003 suid=0 fsuid=1003 egid=1005 sgid=0 fsgid=1005 tty=(none) ses=481841 comm="disablefileprot" exe="/usr/local/cpanel/3rdparty/perl/530/bin/perl" key="cambios" ---- time->Thu Nov 12 01:22:10 2020 type=PROCTITLE msg=audit(1605140530.132:15551467): proctitle=2F7573722F6C6F63616C2F6370616E656C2F33726470617274792F62696E2F7065726C002F7573722F6C6F63616C2F6370616E656C2F736372697074732F64697361626C6566696C6570726F74656374 type=PATH msg=audit(1605140530.132:15551467): item=0 name="/home/account/addondomain" inode=28059201 dev=08:02 mode=040755 ouid=1003 ogid=1005 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=CWD msg=audit(1605140530.132:15551467): cwd="/" type=SYSCALL msg=audit(1605140530.132:15551467): arch=c000003e syscall=90 success=yes exit=0 a0=c93150 a1=1ed a2=41 a3=7f39a9de0111 items=1 ppid=6792 pid=6793 auid=0 uid=0 gid=0 euid=1003 suid=0 fsuid=1003 egid=1005 sgid=0 fsgid=1005 tty=(none) ses=481841 comm="disablefileprot" exe="/usr/local/cpanel/3rdparty/perl/530/bin/perl" key="cambios" ---- time->Thu Nov 12 01:22:10 2020 type=PROCTITLE msg=audit(1605140530.132:15551468): proctitle=2F7573722F6C6F63616C2F6370616E656C2F33726470617274792F62696E2F7065726C002F7573722F6C6F63616C2F6370616E656C2F736372697074732F64697361626C6566696C6570726F74656374 type=PATH msg=audit(1605140530.132:15551468): item=0 name="/home/account/addondomain" inode=28059201 dev=08:02 mode=040755 ouid=1003 ogid=1005 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=CWD msg=audit(1605140530.132:15551468): cwd="/" type=SYSCALL msg=audit(1605140530.132:15551468): arch=c000003e syscall=92 success=yes exit=0 a0=c930f0 a1=3eb a2=3ed a3=7f39a9de0111 items=1 ppid=6792 pid=6793 auid=0 uid=0 gid=0 euid=1003 suid=0 fsuid=1003 egid=1005 sgid=0 fsgid=1005 tty=(none) ses=481841 comm="disablefileprot" exe="/usr/local/cpanel/3rdparty/perl/530/bin/perl" key="cambios" ---- time->Thu Nov 12 01:22:10 2020 type=PROCTITLE msg=audit(1605140530.132:15551469): proctitle=2F7573722F6C6F63616C2F6370616E656C2F33726470617274792F62696E2F7065726C002F7573722F6C6F63616C2F6370616E656C2F736372697074732F64697361626C6566696C6570726F74656374 type=PATH msg=audit(1605140530.132:15551469): item=0 name="/home/account/addondomain" inode=28059201 dev=08:02 mode=040755 ouid=1003 ogid=1005 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=CWD msg=audit(1605140530.132:15551469): cwd="/" type=SYSCALL msg=audit(1605140530.132:15551469): arch=c000003e syscall=90 success=yes exit=0 a0=c930f0 a1=1ed a2=41 a3=7f39a9de0111 items=1 ppid=6792 pid=6793 auid=0 uid=0 gid=0 euid=1003 suid=0 fsuid=1003 egid=1005 sgid=0 fsgid=1005 tty=(none) ses=481841 comm="disablefileprot" exe="/usr/local/cpanel/3rdparty/perl/530/bin/perl" key="cambios" ---- time->Thu Nov 12 01:22:10 2020 type=PROCTITLE msg=audit(1605140530.132:15551470): proctitle=2F7573722F6C6F63616C2F6370616E656C2F33726470617274792F62696E2F7065726C002F7573722F6C6F63616C2F6370616E656C2F736372697074732F64697361626C6566696C6570726F74656374 type=PATH msg=audit(1605140530.132:15551470): item=0 name="/home/account/addondomain" inode=28059201 dev=08:02 mode=040755 ouid=1003 ogid=1005 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=CWD msg=audit(1605140530.132:15551470): cwd="/" type=SYSCALL msg=audit(1605140530.132:15551470): arch=c000003e syscall=92 success=yes exit=0 a0=c92bf0 a1=3eb a2=3ed a3=7ffde6b80820 items=1 ppid=6792 pid=6793 auid=0 uid=0 gid=0 euid=1003 suid=0 fsuid=1003 egid=1005 sgid=0 fsgid=1005 tty=(none) ses=481841 comm="disablefileprot" exe="/usr/local/cpanel/3rdparty/perl/530/bin/perl" key="cambios" ---- time->Thu Nov 12 01:22:10 2020 type=PROCTITLE msg=audit(1605140530.132:15551471): proctitle=2F7573722F6C6F63616C2F6370616E656C2F33726470617274792F62696E2F7065726C002F7573722F6C6F63616C2F6370616E656C2F736372697074732F64697361626C6566696C6570726F74656374 type=PATH msg=audit(1605140530.132:15551471): item=0 name="/home/account/addondomain" inode=28059201 dev=08:02 mode=040755 ouid=1003 ogid=1005 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=CWD msg=audit(1605140530.132:15551471): cwd="/" type=SYSCALL msg=audit(1605140530.132:15551471): arch=c000003e syscall=90 success=yes exit=0 a0=c92bf0 a1=1ed a2=41 a3=7ffde6b80820 items=1 ppid=6792 pid=6793 auid=0 uid=0 gid=0 euid=1003 suid=0 fsuid=1003 egid=1005 sgid=0 fsgid=1005 tty=(none) ses=481841 comm="disablefileprot" exe="/usr/local/cpanel/3rdparty/perl/530/bin/perl" key="cambios" ---- time->Thu Nov 12 01:22:10 2020 type=PROCTITLE msg=audit(1605140530.132:15551472): proctitle=2F7573722F6C6F63616C2F6370616E656C2F33726470617274792F62696E2F7065726C002F7573722F6C6F63616C2F6370616E656C2F736372697074732F64697361626C6566696C6570726F74656374 type=PATH msg=audit(1605140530.132:15551472): item=0 name="/home/account/addondomain" inode=28059201 dev=08:02 mode=040755 ouid=1003 ogid=1005 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=CWD msg=audit(1605140530.132:15551472): cwd="/" type=SYSCALL msg=audit(1605140530.132:15551472): arch=c000003e syscall=92 success=yes exit=0 a0=c93180 a1=3eb a2=3ed a3=7f39a9de0111 items=1 ppid=6792 pid=6793 auid=0 uid=0 gid=0 euid=1003 suid=0 fsuid=1003 egid=1005 sgid=0 fsgid=1005 tty=(none) ses=481841 comm="disablefileprot" exe="/usr/local/cpanel/3rdparty/perl/530/bin/perl" key="cambios" ---- time->Thu Nov 12 01:22:10 2020 type=PROCTITLE msg=audit(1605140530.133:15551473): proctitle=2F7573722F6C6F63616C2F6370616E656C2F33726470617274792F62696E2F7065726C002F7573722F6C6F63616C2F6370616E656C2F736372697074732F64697361626C6566696C6570726F74656374 type=PATH msg=audit(1605140530.133:15551473): item=0 name="/home/account/addondomain" inode=28059201 dev=08:02 mode=040755 ouid=1003 ogid=1005 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=CWD msg=audit(1605140530.133:15551473): cwd="/" type=SYSCALL msg=audit(1605140530.133:15551473): arch=c000003e syscall=90 success=yes exit=0 a0=c93180 a1=1ed a2=41 a3=7f39a9de0111 items=1 ppid=6792 pid=6793 auid=0 uid=0 gid=0 euid=1003 suid=0 fsuid=1003 egid=1005 sgid=0 fsgid=1005 tty=(none) ses=481841 comm="disablefileprot" exe="/usr/local/cpanel/3rdparty/perl/530/bin/perl" key="cambios" ---- time->Thu Nov 12 01:22:10 2020 type=PROCTITLE msg=audit(1605140530.133:15551474): proctitle=2F7573722F6C6F63616C2F6370616E656C2F33726470617274792F62696E2F7065726C002F7573722F6C6F63616C2F6370616E656C2F736372697074732F64697361626C6566696C6570726F74656374 type=PATH msg=audit(1605140530.133:15551474): item=0 name="/home/account/addondomain" inode=28059201 dev=08:02 mode=040755 ouid=1003 ogid=1005 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=CWD msg=audit(1605140530.133:15551474): cwd="/" type=SYSCALL msg=audit(1605140530.133:15551474): arch=c000003e syscall=92 success=yes exit=0 a0=cc9c60 a1=3eb a2=3ed a3=7f39a9de0111 items=1 ppid=6792 pid=6793 auid=0 uid=0 gid=0 euid=1003 suid=0 fsuid=1003 egid=1005 sgid=0 fsgid=1005 tty=(none) ses=481841 comm="disablefileprot" exe="/usr/local/cpanel/3rdparty/perl/530/bin/perl" key="cambios" ---- time->Thu Nov 12 01:22:10 2020 type=PROCTITLE msg=audit(1605140530.133:15551475): proctitle=2F7573722F6C6F63616C2F6370616E656C2F33726470617274792F62696E2F7065726C002F7573722F6C6F63616C2F6370616E656C2F736372697074732F64697361626C6566696C6570726F74656374 type=PATH msg=audit(1605140530.133:15551475): item=0 name="/home/account/addondomain" inode=28059201 dev=08:02 mode=040755 ouid=1003 ogid=1005 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=CWD msg=audit(1605140530.133:15551475): cwd="/" type=SYSCALL msg=audit(1605140530.133:15551475): arch=c000003e syscall=90 success=yes exit=0 a0=cc9c60 a1=1ed a2=41 a3=7f39a9de0111 items=1 ppid=6792 pid=6793 auid=0 uid=0 gid=0 euid=1003 suid=0 fsuid=1003 egid=1005 sgid=0 fsgid=1005 tty=(none) ses=481841 comm="disablefileprot" exe="/usr/local/cpanel/3rdparty/perl/530/bin/perl" key="cambios" ---- time->Thu Nov 12 01:22:10 2020 type=PROCTITLE msg=audit(1605140530.133:15551476): proctitle=2F7573722F6C6F63616C2F6370616E656C2F33726470617274792F62696E2F7065726C002F7573722F6C6F63616C2F6370616E656C2F736372697074732F64697361626C6566696C6570726F74656374 type=PATH msg=audit(1605140530.133:15551476): item=0 name="/home/account/addondomain" inode=28059201 dev=08:02 mode=040755 ouid=1003 ogid=1005 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=CWD msg=audit(1605140530.133:15551476): cwd="/" type=SYSCALL msg=audit(1605140530.133:15551476): arch=c000003e syscall=92 success=yes exit=0 a0=cc9b60 a1=3eb a2=3ed a3=cc8520 items=1 ppid=6792 pid=6793 auid=0 uid=0 gid=0 euid=1003 suid=0 fsuid=1003 egid=1005 sgid=0 fsgid=1005 tty=(none) ses=481841 comm="disablefileprot" exe="/usr/local/cpanel/3rdparty/perl/530/bin/perl" key="cambios" ---- time->Thu Nov 12 01:22:10 2020 type=PROCTITLE msg=audit(1605140530.133:15551477): proctitle=2F7573722F6C6F63616C2F6370616E656C2F33726470617274792F62696E2F7065726C002F7573722F6C6F63616C2F6370616E656C2F736372697074732F64697361626C6566696C6570726F74656374 type=PATH msg=audit(1605140530.133:15551477): item=0 name="/home/account/addondomain" inode=28059201 dev=08:02 mode=040755 ouid=1003 ogid=1005 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=CWD msg=audit(1605140530.133:15551477): cwd="/" type=SYSCALL msg=audit(1605140530.133:15551477): arch=c000003e syscall=90 success=yes exit=0 a0=cc9b60 a1=1ed a2=41 a3=cc8520 items=1 ppid=6792 pid=6793 auid=0 uid=0 gid=0 euid=1003 suid=0 fsuid=1003 egid=1005 sgid=0 fsgid=1005 tty=(none) ses=481841 comm="disablefileprot" exe="/usr/local/cpanel/3rdparty/perl/530/bin/perl" key="cambios" [
    0
  • PatrickVeenstra
    68965
    0
  • cPRex Jurassic Moderator
    Thanks for tracking that down. This seems like intended behavior then as the addon domain docroot does get reset to 755 with FileProtect disabled. I created an addon domain on my test server with FileProtect enabled: drwxr-x--- 3 username nobody 4096 Nov 12 09:48 testperm.com/ and then disabled FileProtect in Tweak Settings: drwxr-xr-x 4 username username 4096 Nov 12 09:48 testperm.com/ so that's why you're seeing that. Even with FileProtect disabled, it still makes sure the directories are setup properly as outlined in the documentation here: [QUOTE] When you disable this option, EasyApache performs the following actions:
    • Sets the user"s /home/username/ directory to 0755 permissions.
    • Sets the user"s /home/username/public_html directory Group ID to the username user and 0755 permissions.

    0
  • PatrickVeenstra
    Technically the documentation is wrong as it's neither /home/username/ nor /home/username/public_html but /home/username/something Obviously it's addon domain docroot but that could have been written more clearly in the documentation. That's without getting into the fact that disabled is not enabled. What's the point of disabling if it still executes and modifies permissions? Anyway, does it always run at 01:22? Because if that's the case I'll execute a cronjob at 01:25 to reset permissions.
    0
  • cPRex Jurassic Moderator
    We have this wording on the page: [QUOTE]Use this option to protect each cPanel account user"s public_html directory and each addon domain"s document root directory so that only Apache and the user may view its contents.
    Is there a way I could make that more clear? The "off" function of FileProtect just means that it doesn't setup the more strict permissions, but the system still makes sure the permissions are set to one or the other. There isn't a "disabled" option, althought that could be a good feature request to submit. This does run nightly as part of the cPanel updates if you wanted to create a cron to reset those.
    0
  • PatrickVeenstra
    That wording is correct, but the paragraph about disabling suggests that it doesn't affect addon domain roots. When you disable this option, EasyApache performs the following actions: - Sets the user"s /home/username/ directory to 0755 permissions. - Sets the user"s /home/username/public_html directory Group ID to the username user and 0755 permissions. You could add: - Sets each addon domain"s document root directory to 0755 permissions. BTW "nightly" is between 1am and 2am? I just need a safe hour for the cronjob and I prefer to not run it more than once. For example, running it at 2am would be safe or shall I run it at 3am? And thanks a lot for helping out.
    0
  • cPRex Jurassic Moderator
    "Nightly" it whenever your upcp cron runs, which is set to 1AM by default. It's likely save to do 2AM as the updates usually don't take more than a few minutes, possibly up to 15-20 if there are actual changes. Gotcha on the disabling. I'll have our docs team tweak that section :D
    0
  • PatrickVeenstra
    One more thing. Why doesn't this change happen every day? If you consider it security the execution is too random.
    0
  • cPRex Jurassic Moderator
    I'm doing a bit more research on exactly what triggers this, so I'll update you soon!
    0
  • cPRex Jurassic Moderator
    I've been doing my testing and haven't been able to reliably track down the details I wanted. I contacted our developers for some additional explanation on FileProtect's behavior although it will likely be later next week when I hear back. I'll set this thread to "In Progress" so I can be sure to update it later with my findings.
    0
  • PatrickVeenstra
    [CODE=bash] time->Tue Nov 24 01:22:27 2020 type=PROCTITLE msg=audit(1606177347.613:16205394): proctitle=2F7573722F6C6F63616C2F6370616E656C2F33726470617274792F62696E2F7065726C002F7573722F6C6F63616C2F6370616E656C2F736372697074732F64697361626C6566696C6570726F74656374 type=PATH msg=audit(1606177347.613:16205394): item=0 name="/home/account/addondomain" inode=28059201 dev=08:02 mode=040755 ouid=1003 ogid=1005 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=CWD msg=audit(1606177347.613:16205394): cwd="/" type=SYSCALL msg=audit(1606177347.613:16205394): arch=c000003e syscall=92 success=yes exit=0 a0=1871680 a1=3eb a2=3ed a3=732f617372657070 items=1 ppid=28112 pid=28113 auid=0 uid=0 gid=0 euid=1003 suid=0 fsuid=1003 egid=1005 sgid=0 fsgid=1005 tty=(none) ses=513553 comm="disablefileprot" exe="/usr/local/cpanel/3rdparty/perl/530/bin/perl" key="cambios" ---- time->Tue Nov 24 01:22:27 2020 type=PROCTITLE msg=audit(1606177347.613:16205395): proctitle=2F7573722F6C6F63616C2F6370616E656C2F33726470617274792F62696E2F7065726C002F7573722F6C6F63616C2F6370616E656C2F736372697074732F64697361626C6566696C6570726F74656374 type=PATH msg=audit(1606177347.613:16205395): item=0 name="/home/account/addondomain" inode=28059201 dev=08:02 mode=040755 ouid=1003 ogid=1005 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=CWD msg=audit(1606177347.613:16205395): cwd="/" type=SYSCALL msg=audit(1606177347.613:16205395): arch=c000003e syscall=90 success=yes exit=0 a0=1871680 a1=1ed a2=41 a3=732f617372657070 items=1 ppid=28112 pid=28113 auid=0 uid=0 gid=0 euid=1003 suid=0 fsuid=1003 egid=1005 sgid=0 fsgid=1005 tty=(none) ses=513553 comm="disablefileprot" exe="/usr/local/cpanel/3rdparty/perl/530/bin/perl" key="cambios" ---- time->Tue Nov 24 01:22:27 2020 type=PROCTITLE msg=audit(1606177347.613:16205396): proctitle=2F7573722F6C6F63616C2F6370616E656C2F33726470617274792F62696E2F7065726C002F7573722F6C6F63616C2F6370616E656C2F736372697074732F64697361626C6566696C6570726F74656374 type=PATH msg=audit(1606177347.613:16205396): item=0 name="/home/account/addondomain" inode=28059201 dev=08:02 mode=040755 ouid=1003 ogid=1005 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=CWD msg=audit(1606177347.613:16205396): cwd="/" type=SYSCALL msg=audit(1606177347.613:16205396): arch=c000003e syscall=92 success=yes exit=0 a0=1871720 a1=3eb a2=3ed a3=732f617372657070 items=1 ppid=28112 pid=28113 auid=0 uid=0 gid=0 euid=1003 suid=0 fsuid=1003 egid=1005 sgid=0 fsgid=1005 tty=(none) ses=513553 comm="disablefileprot" exe="/usr/local/cpanel/3rdparty/perl/530/bin/perl" key="cambios" ---- time->Tue Nov 24 01:22:27 2020 type=PROCTITLE msg=audit(1606177347.613:16205397): proctitle=2F7573722F6C6F63616C2F6370616E656C2F33726470617274792F62696E2F7065726C002F7573722F6C6F63616C2F6370616E656C2F736372697074732F64697361626C6566696C6570726F74656374 type=PATH msg=audit(1606177347.613:16205397): item=0 name="/home/account/addondomain" inode=28059201 dev=08:02 mode=040755 ouid=1003 ogid=1005 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=CWD msg=audit(1606177347.613:16205397): cwd="/" type=SYSCALL msg=audit(1606177347.613:16205397): arch=c000003e syscall=90 success=yes exit=0 a0=1871720 a1=1ed a2=41 a3=732f617372657070 items=1 ppid=28112 pid=28113 auid=0 uid=0 gid=0 euid=1003 suid=0 fsuid=1003 egid=1005 sgid=0 fsgid=1005 tty=(none) ses=513553 comm="disablefileprot" exe="/usr/local/cpanel/3rdparty/perl/530/bin/perl" key="cambios" ---- time->Tue Nov 24 01:22:27 2020 type=PROCTITLE msg=audit(1606177347.613:16205398): proctitle=2F7573722F6C6F63616C2F6370616E656C2F33726470617274792F62696E2F7065726C002F7573722F6C6F63616C2F6370616E656C2F736372697074732F64697361626C6566696C6570726F74656374 type=PATH msg=audit(1606177347.613:16205398): item=0 name="/home/account/addondomain" inode=28059201 dev=08:02 mode=040755 ouid=1003 ogid=1005 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=CWD msg=audit(1606177347.613:16205398): cwd="/" type=SYSCALL msg=audit(1606177347.613:16205398): arch=c000003e syscall=92 success=yes exit=0 a0=18a1980 a1=3eb a2=3ed a3=732f617372657070 items=1 ppid=28112 pid=28113 auid=0 uid=0 gid=0 euid=1003 suid=0 fsuid=1003 egid=1005 sgid=0 fsgid=1005 tty=(none) ses=513553 comm="disablefileprot" exe="/usr/local/cpanel/3rdparty/perl/530/bin/perl" key="cambios" ---- time->Tue Nov 24 01:22:27 2020 type=PROCTITLE msg=audit(1606177347.613:16205399): proctitle=2F7573722F6C6F63616C2F6370616E656C2F33726470617274792F62696E2F7065726C002F7573722F6C6F63616C2F6370616E656C2F736372697074732F64697361626C6566696C6570726F74656374 type=PATH msg=audit(1606177347.613:16205399): item=0 name="/home/account/addondomain" inode=28059201 dev=08:02 mode=040755 ouid=1003 ogid=1005 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=CWD msg=audit(1606177347.613:16205399): cwd="/" type=SYSCALL msg=audit(1606177347.613:16205399): arch=c000003e syscall=90 success=yes exit=0 a0=18a1980 a1=1ed a2=41 a3=732f617372657070 items=1 ppid=28112 pid=28113 auid=0 uid=0 gid=0 euid=1003 suid=0 fsuid=1003 egid=1005 sgid=0 fsgid=1005 tty=(none) ses=513553 comm="disablefileprot" exe="/usr/local/cpanel/3rdparty/perl/530/bin/perl" key="cambios" ---- time->Tue Nov 24 01:22:27 2020 type=PROCTITLE msg=audit(1606177347.613:16205400): proctitle=2F7573722F6C6F63616C2F6370616E656C2F33726470617274792F62696E2F7065726C002F7573722F6C6F63616C2F6370616E656C2F736372697074732F64697361626C6566696C6570726F74656374 type=PATH msg=audit(1606177347.613:16205400): item=0 name="/home/account/addondomain" inode=28059201 dev=08:02 mode=040755 ouid=1003 ogid=1005 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=CWD msg=audit(1606177347.613:16205400): cwd="/" type=SYSCALL msg=audit(1606177347.613:16205400): arch=c000003e syscall=92 success=yes exit=0 a0=1871f10 a1=3eb a2=3ed a3=732f617372657070 items=1 ppid=28112 pid=28113 auid=0 uid=0 gid=0 euid=1003 suid=0 fsuid=1003 egid=1005 sgid=0 fsgid=1005 tty=(none) ses=513553 comm="disablefileprot" exe="/usr/local/cpanel/3rdparty/perl/530/bin/perl" key="cambios" ---- time->Tue Nov 24 01:22:27 2020 type=PROCTITLE msg=audit(1606177347.613:16205401): proctitle=2F7573722F6C6F63616C2F6370616E656C2F33726470617274792F62696E2F7065726C002F7573722F6C6F63616C2F6370616E656C2F736372697074732F64697361626C6566696C6570726F74656374 type=PATH msg=audit(1606177347.613:16205401): item=0 name="/home/account/addondomain" inode=28059201 dev=08:02 mode=040755 ouid=1003 ogid=1005 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=CWD msg=audit(1606177347.613:16205401): cwd="/" type=SYSCALL msg=audit(1606177347.613:16205401): arch=c000003e syscall=90 success=yes exit=0 a0=1871f10 a1=1ed a2=41 a3=732f617372657070 items=1 ppid=28112 pid=28113 auid=0 uid=0 gid=0 euid=1003 suid=0 fsuid=1003 egid=1005 sgid=0 fsgid=1005 tty=(none) ses=513553 comm="disablefileprot" exe="/usr/local/cpanel/3rdparty/perl/530/bin/perl" key="cambios" ---- time->Tue Nov 24 01:22:27 2020 type=PROCTITLE msg=audit(1606177347.613:16205402): proctitle=2F7573722F6C6F63616C2F6370616E656C2F33726470617274792F62696E2F7065726C002F7573722F6C6F63616C2F6370616E656C2F736372697074732F64697361626C6566696C6570726F74656374 type=PATH msg=audit(1606177347.613:16205402): item=0 name="/home/account/addondomain" inode=28059201 dev=08:02 mode=040755 ouid=1003 ogid=1005 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=CWD msg=audit(1606177347.613:16205402): cwd="/" type=SYSCALL msg=audit(1606177347.613:16205402): arch=c000003e syscall=92 success=yes exit=0 a0=18a8b30 a1=3eb a2=3ed a3=18a7608 items=1 ppid=28112 pid=28113 auid=0 uid=0 gid=0 euid=1003 suid=0 fsuid=1003 egid=1005 sgid=0 fsgid=1005 tty=(none) ses=513553 comm="disablefileprot" exe="/usr/local/cpanel/3rdparty/perl/530/bin/perl" key="cambios" ---- time->Tue Nov 24 01:22:27 2020 type=PROCTITLE msg=audit(1606177347.614:16205403): proctitle=2F7573722F6C6F63616C2F6370616E656C2F33726470617274792F62696E2F7065726C002F7573722F6C6F63616C2F6370616E656C2F736372697074732F64697361626C6566696C6570726F74656374 type=PATH msg=audit(1606177347.614:16205403): item=0 name="/home/account/addondomain" inode=28059201 dev=08:02 mode=040755 ouid=1003 ogid=1005 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=CWD msg=audit(1606177347.614:16205403): cwd="/" type=SYSCALL msg=audit(1606177347.614:16205403): arch=c000003e syscall=90 success=yes exit=0 a0=18a8b30 a1=1ed a2=41 a3=18a7608 items=1 ppid=28112 pid=28113 auid=0 uid=0 gid=0 euid=1003 suid=0 fsuid=1003 egid=1005 sgid=0 fsgid=1005 tty=(none) ses=513553 comm="disablefileprot" exe="/usr/local/cpanel/3rdparty/perl/530/bin/perl" key="cambios" ---- time->Tue Nov 24 01:22:27 2020 type=PROCTITLE msg=audit(1606177347.614:16205404): proctitle=2F7573722F6C6F63616C2F6370616E656C2F33726470617274792F62696E2F7065726C002F7573722F6C6F63616C2F6370616E656C2F736372697074732F64697361626C6566696C6570726F74656374 type=PATH msg=audit(1606177347.614:16205404): item=0 name="/home/account/addondomain" inode=28059201 dev=08:02 mode=040755 ouid=1003 ogid=1005 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=CWD msg=audit(1606177347.614:16205404): cwd="/" type=SYSCALL msg=audit(1606177347.614:16205404): arch=c000003e syscall=92 success=yes exit=0 a0=18a99c0 a1=3eb a2=3ed a3=18a7b48 items=1 ppid=28112 pid=28113 auid=0 uid=0 gid=0 euid=1003 suid=0 fsuid=1003 egid=1005 sgid=0 fsgid=1005 tty=(none) ses=513553 comm="disablefileprot" exe="/usr/local/cpanel/3rdparty/perl/530/bin/perl" key="cambios" ---- time->Tue Nov 24 01:22:27 2020 type=PROCTITLE msg=audit(1606177347.614:16205405): proctitle=2F7573722F6C6F63616C2F6370616E656C2F33726470617274792F62696E2F7065726C002F7573722F6C6F63616C2F6370616E656C2F736372697074732F64697361626C6566696C6570726F74656374 type=PATH msg=audit(1606177347.614:16205405): item=0 name="/home/account/addondomain" inode=28059201 dev=08:02 mode=040755 ouid=1003 ogid=1005 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=CWD msg=audit(1606177347.614:16205405): cwd="/" type=SYSCALL msg=audit(1606177347.614:16205405): arch=c000003e syscall=90 success=yes exit=0 a0=18a99c0 a1=1ed a2=41 a3=18a7b48 items=1 ppid=28112 pid=28113 auid=0 uid=0 gid=0 euid=1003 suid=0 fsuid=1003 egid=1005 sgid=0 fsgid=1005 tty=(none) ses=513553 comm="disablefileprot" exe="/usr/local/cpanel/3rdparty/perl/530/bin/perl" key="cambios" ---- time->Tue Nov 24 01:22:27 2020 type=PROCTITLE msg=audit(1606177347.614:16205406): proctitle=2F7573722F6C6F63616C2F6370616E656C2F33726470617274792F62696E2F7065726C002F7573722F6C6F63616C2F6370616E656C2F736372697074732F64697361626C6566696C6570726F74656374 type=PATH msg=audit(1606177347.614:16205406): item=0 name="/home/account/addondomain" inode=28059201 dev=08:02 mode=040755 ouid=1003 ogid=1005 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=CWD msg=audit(1606177347.614:16205406): cwd="/" type=SYSCALL msg=audit(1606177347.614:16205406): arch=c000003e syscall=92 success=yes exit=0 a0=1871ee0 a1=3eb a2=3ed a3=732f617372657070 items=1 ppid=28112 pid=28113 auid=0 uid=0 gid=0 euid=1003 suid=0 fsuid=1003 egid=1005 sgid=0 fsgid=1005 tty=(none) ses=513553 comm="disablefileprot" exe="/usr/local/cpanel/3rdparty/perl/530/bin/perl" key="cambios" ---- time->Tue Nov 24 01:22:27 2020 type=PROCTITLE msg=audit(1606177347.614:16205407): proctitle=2F7573722F6C6F63616C2F6370616E656C2F33726470617274792F62696E2F7065726C002F7573722F6C6F63616C2F6370616E656C2F736372697074732F64697361626C6566696C6570726F74656374 type=PATH msg=audit(1606177347.614:16205407): item=0 name="/home/account/addondomain" inode=28059201 dev=08:02 mode=040755 ouid=1003 ogid=1005 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=CWD msg=audit(1606177347.614:16205407): cwd="/" type=SYSCALL msg=audit(1606177347.614:16205407): arch=c000003e syscall=90 success=yes exit=0 a0=1871ee0 a1=1ed a2=41 a3=732f617372657070 items=1 ppid=28112 pid=28113 auid=0 uid=0 gid=0 euid=1003 suid=0 fsuid=1003 egid=1005 sgid=0 fsgid=1005 tty=(none) ses=513553 comm="disablefileprot" exe="/usr/local/cpanel/3rdparty/perl/530/bin/perl" key="cambios" ---- time->Tue Nov 24 01:22:27 2020 type=PROCTITLE msg=audit(1606177347.614:16205408): proctitle=2F7573722F6C6F63616C2F6370616E656C2F33726470617274792F62696E2F7065726C002F7573722F6C6F63616C2F6370616E656C2F736372697074732F64697361626C6566696C6570726F74656374 type=PATH msg=audit(1606177347.614:16205408): item=0 name="/home/account/addondomain" inode=28059201 dev=08:02 mode=040755 ouid=1003 ogid=1005 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=CWD msg=audit(1606177347.614:16205408): cwd="/" type=SYSCALL msg=audit(1606177347.614:16205408): arch=c000003e syscall=92 success=yes exit=0 a0=18a8910 a1=3eb a2=3ed a3=732f617372657070 items=1 ppid=28112 pid=28113 auid=0 uid=0 gid=0 euid=1003 suid=0 fsuid=1003 egid=1005 sgid=0 fsgid=1005 tty=(none) ses=513553 comm="disablefileprot" exe="/usr/local/cpanel/3rdparty/perl/530/bin/perl" key="cambios" ---- time->Tue Nov 24 01:22:27 2020 type=PROCTITLE msg=audit(1606177347.614:16205409): proctitle=2F7573722F6C6F63616C2F6370616E656C2F33726470617274792F62696E2F7065726C002F7573722F6C6F63616C2F6370616E656C2F736372697074732F64697361626C6566696C6570726F74656374 type=PATH msg=audit(1606177347.614:16205409): item=0 name="/home/account/addondomain" inode=28059201 dev=08:02 mode=040755 ouid=1003 ogid=1005 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=CWD msg=audit(1606177347.614:16205409): cwd="/" type=SYSCALL msg=audit(1606177347.614:16205409): arch=c000003e syscall=90 success=yes exit=0 a0=18a8910 a1=1ed a2=41 a3=732f617372657070 items=1 ppid=28112 pid=28113 auid=0 uid=0 gid=0 euid=1003 suid=0 fsuid=1003 egid=1005 sgid=0 fsgid=1005 tty=(none) ses=513553 comm="disablefileprot" exe="/usr/local/cpanel/3rdparty/perl/530/bin/perl" key="cambios" ---- time->Tue Nov 24 01:22:27 2020 type=PROCTITLE msg=audit(1606177347.614:16205410): proctitle=2F7573722F6C6F63616C2F6370616E656C2F33726470617274792F62696E2F7065726C002F7573722F6C6F63616C2F6370616E656C2F736372697074732F64697361626C6566696C6570726F74656374 type=PATH msg=audit(1606177347.614:16205410): item=0 name="/home/account/addondomain" inode=28059201 dev=08:02 mode=040755 ouid=1003 ogid=1005 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=CWD msg=audit(1606177347.614:16205410): cwd="/" type=SYSCALL msg=audit(1606177347.614:16205410): arch=c000003e syscall=92 success=yes exit=0 a0=1871a10 a1=3eb a2=3ed a3=18a7b48 items=1 ppid=28112 pid=28113 auid=0 uid=0 gid=0 euid=1003 suid=0 fsuid=1003 egid=1005 sgid=0 fsgid=1005 tty=(none) ses=513553 comm="disablefileprot" exe="/usr/local/cpanel/3rdparty/perl/530/bin/perl" key="cambios" ---- time->Tue Nov 24 01:22:27 2020 type=PROCTITLE msg=audit(1606177347.614:16205411): proctitle=2F7573722F6C6F63616C2F6370616E656C2F33726470617274792F62696E2F7065726C002F7573722F6C6F63616C2F6370616E656C2F736372697074732F64697361626C6566696C6570726F74656374 type=PATH msg=audit(1606177347.614:16205411): item=0 name="/home/account/addondomain" inode=28059201 dev=08:02 mode=040755 ouid=1003 ogid=1005 rdev=00:00 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=CWD msg=audit(1606177347.614:16205411): cwd="/" type=SYSCALL msg=audit(1606177347.614:16205411): arch=c000003e syscall=90 success=yes exit=0 a0=1871a10 a1=1ed a2=41 a3=18a7b48 items=1 ppid=28112 pid=28113 auid=0 uid=0 gid=0 euid=1003 suid=0 fsuid=1003 egid=1005 sgid=0 fsgid=1005 tty=(none) ses=513553 comm="disablefileprot" exe="/usr/local/cpanel/3rdparty/perl/530/bin/perl" key="cambios"
    Any update?
    0
  • cPRex Jurassic Moderator
    With the holidays happening this week I haven't received an update just yet. I'm hoping to hear something by Monday and I'll provide an udpate then.
    0
  • cPRex Jurassic Moderator
    @PatrickVeenstra - I confirmed our team is looking at this today so I'll get you another update later on :D
    0
  • cPRex Jurassic Moderator
    One thing I have been able to track down is that this does happen when creating or removing an addon or subdomain as well, since it checks and confirms those permissoins. Have you performed that work around the time that you see this changing on the system?
    0
  • PatrickVeenstra
    No, I have not. I've never added an addon domain to that account and I'm using a wildcard subdomain in case that matters.
    0
  • cPRex Jurassic Moderator
    Thanks for that confirmation. Do you see anything interesting in the cPanel access log at /usr/local/cpanel/logs/access_log at the time the audit rule shows those permissions being modified?
    0
  • PatrickVeenstra
    Actually there's nothing interesting over there either: 127.0.0.1 - - [11/24/2020:01:03:53 -0000] "GET /.__cpanel__service__check__./serviceauth?sendkey=__HIDDEN__&version=1.2 HTTP/1.0" 200 0 "-" "-" "-" "-" 2086 127.0.0.1 - - [11/24/2020:01:10:06 -0000] "GET /.__cpanel__service__check__./serviceauth?sendkey=__HIDDEN__&version=1.2 HTTP/1.0" 200 0 "-" "-" "-" "-" 2086 127.0.0.1 - - [11/24/2020:01:16:23 -0000] "GET /.__cpanel__service__check__./serviceauth?sendkey=__HIDDEN__&version=1.2 HTTP/1.0" 200 0 "-" "-" "-" "-" 2086 127.0.0.1 - - [11/24/2020:01:22:41 -0000] "GET /.__cpanel__service__check__./serviceauth?sendkey=__HIDDEN__&version=1.2 HTTP/1.0" 200 0 "-" "-" "-" "-" 2086 127.0.0.1 - - [11/24/2020:01:28:59 -0000] "GET /.__cpanel__service__check__./serviceauth?sendkey=__HIDDEN__&version=1.2 HTTP/1.0" 200 0 "-" "-" "-" "-" 2086 127.0.0.1 - - [11/24/2020:01:35:17 -0000] "GET /.__cpanel__service__check__./serviceauth?sendkey=__HIDDEN__&version=1.2 HTTP/1.0" 200 0 "-" "-" "-" "-" 2086 127.0.0.1 - - [11/24/2020:01:41:35 -0000] "GET /.__cpanel__service__check__./serviceauth?sendkey=__HIDDEN__&version=1.2 HTTP/1.0" 200 0 "-" "-" "-" "-" 2086 127.0.0.1 - - [11/24/2020:01:47:53 -0000] "GET /.__cpanel__service__check__./serviceauth?sendkey=__HIDDEN__&version=1.2 HTTP/1.0" 200 0 "-" "-" "-" "-" 2086 127.0.0.1 - - [11/24/2020:01:54:09 -0000] "GET /.__cpanel__service__check__./serviceauth?sendkey=__HIDDEN__&version=1.2 HTTP/1.0" 200 0 "-" "-" "-" "-" 2086
    0
  • cPRex Jurassic Moderator
    Thanks for that - that just looks like monitoring data in the logs. I did some additional testing and found that updates or changes to PHP also trigger this action, and there are frequently minor updates to PHP versions and packages. For example, I see this from my /var/log/yum.log file for this morning: Dec 08 01:03:11 Updated: alt-php74-intl-7.4.13-1.el6.x86_64 Dec 08 01:03:11 Updated: alt-php74-gd-7.4.13-1.el6.x86_64 Dec 08 01:03:11 Updated: alt-php74-firebird-7.4.13-1.el6.x86_64 Dec 08 01:03:11 Updated: alt-php74-imap-7.4.13-1.el6.x86_64 Dec 08 01:03:11 Updated: alt-php74-tidy-7.4.13-1.el6.x86_64 Dec 08 01:03:11 Updated: alt-php74-dba-7.4.13-1.el6.x86_64 Dec 08 01:03:11 Updated: alt-php74-enchant-7.4.13-1.el6.x86_64 Dec 08 01:03:11 Updated: alt-php74-bcmath-7.4.13-1.el6.x86_64 Dec 08 01:03:11 Updated: alt-php74-pspell-7.4.13-1.el6.x86_64 Dec 08 01:03:12 Updated: alt-php74-opcache-7.4.13-1.el6.x86_64 Dec 08 01:03:12 Updated: alt-php74-sqlite3-7.4.13-1.el6.x86_64 Dec 08 01:03:12 Updated: alt-php51-pecl-ext-1-41.el6.x86_64 Dec 08 01:03:13 Updated: alt-php55-pecl-ext-1-123.el6.x86_64 Dec 08 01:03:13 Updated: alt-php54-pecl-ext-1-137.el6.x86_64 Dec 08 01:03:17 Updated: alt-php71-pecl-ext-1-60.el6.x86_64 Dec 08 01:03:21 Updated: alt-php70-pecl-ext-1-72.el6.x86_64 Dec 08 01:03:22 Updated: alt-php56-pecl-ext-1-90.el6.x86_64 Dec 08 01:03:26 Updated: alt-php72-pecl-ext-1-61.el6.x86_64 Dec 08 01:03:27 Updated: alt-php53-pecl-ext-1-143.el6.x86_64 Dec 08 01:03:27 Updated: alt-php52-pecl-ext-1-117.el6.x86_64
    As a test, I reinstalled PHP 7.4 on the system and confirmed that caused the change to happen. Can you see if your update logs correspond with the changes to the permissions?
    0

Please sign in to leave a comment.

Didn't find what you were looking for?

New post