Please provide more info about EasyApache FileProtect feature

Kent Brockman

• January 31, 2017 06:13

Hello guys. Today I upgraded some servers to cPanel 11.62 to discover this new feature. Note that I'm using EA4 in all of these servers and the "Enable File Protect" option is ON by default on Tweak Settings. After reading a couple links I arrived here (Apache Module: FileProtect - EasyApache - cPanel Documentation) where it's stated that this feature is to protect public_html folders but all the references in that page point towards EasyApache 3 (even when you run /scripts/enablefileprotect --help) So, is this a feature exclusively working with EA3? How does it work under EA4? What permissions are exactly being modified? Please ellaborate. Thanks! :)

• 

  vacancy

  • January 31, 2017 15:33

  Easyapache 3 is a function that is enabled by default. As mentioned, an important function that public_html folders to be not read by other accounts. FileProtect provides better directory security. With 11.58 and Easyapache 4, this function is turned disabled by default. I had to run the /scripts/enablefileprotect command to activate it. With 11.62 this function was turned on by default. It also added a symlink protect function for mod_php and mod_suphp with 11.62, a very nice improvement. (Apache configuration > Global Configuration > Symlink Protect set on )

  0
• 

  Kent Brockman

  • January 31, 2017 15:40

  Interesting. But what permissions are exactly being modified?

  0
• 

  vacancy

  • January 31, 2017 15:44

  Interesting. But what permissions are exactly being modified?

  
  There will be no change that affects the running of accounts. disable fileprotect - public_html owner username username enable fileprotect - public_html owner username nobody

  0
• 

  Kent Brockman

  • January 31, 2017 15:47

  Thanks. That's what I exactly wanted to know.

  0
• 

  cPanelMichael

  • January 31, 2017 21:34

  Hello, File Protect will check the permissions and ownership values on each user account's public_html directory and each addon domain's DocumentRoot directory and then set the values accordingly. It also takes into account the use of Mod_Ruid2, which changes how the ownership value is configured. You can directly view the file that enables the File Protect option if you'd like see how it works in the background:
  cat /usr/local/cpanel/scripts/enablefileprotect
  Thank you.

  0

Please sign in to leave a comment.