Control Web Panel
WebPanel => CentOS 7 Problems => Topic started by: Holbroom on March 04, 2020, 01:29:06 PM
-
Apologies if this has already been asked but I couldn't find anything on the search.
I've recently installed Centos Panel on to Centos 7 using the install script, everything has worked fine except when you create a new FTP user via a user control panel.
As soon as you add a new FTP account, the perms changed from 644 holbroom:nobody to 644 holbroom:holbroom and causes the following message when you try browsing to the webpage
Forbidden
You don't have permission to access / on this server.
Server unable to read htaccess file, denying access to be safe
As soon as you change the perms back to 644 holbroom:nobody the Forbidden message goes away and lets you access the website again.
Not sure what or why is causing this but unless I solve the issue, anytime any user creates a new FTP account they will be locked out of their website.
Help would be much appreciated.
-
644 holbroom:nobody is insecure and 644 holbroom:holbroom is the preferred permissions.
Make sure you have selected su_exec and/or su_php in your Apache settings (assuming that is what you use).
Check for loaded modules in /usr/local/apache/conf/httpd.conf
LoadModule suexec_module modules/mod_suexec.so
Check /usr/local/apache/conf.d/vhosts/holbroom_domain_name.conf (and the ssl one)
<IfModule mod_suexec.c>
SuexecUserGroup holbroom holbroom
</IfModule>
<IfModule mod_suphp.c>
suPHP_UserGroup holbroom holbroom
suPHP_ConfigPath /home/holbroom
</IfModule>
If the modules are correctly loaded, then you may wish to rebuild the Apache vhosts, and ensure permissions on the various public_html are set correctly i.e. no group nobody. Otherwise look forward to sites getting hacked at some stage. :o
-
644 holbroom:nobody is insecure and 644 holbroom:holbroom is the preferred permissions.
Make sure you have selected su_exec and/or su_php in your Apache settings (assuming that is what you use).
Thanks,
I have enabled suExec by following https://wiki.centos-webpanel.com/how-to-enable-mod_suexec-with-apache
But creating a new FTP user still sets the permissions back to holbroom:holbroom and denies access to my website, it only allows access if the perms are holbroom:nobody
This is an out the box installation so shouldn't everything just work? I haven't changed anything for this not to work, if that makes sense.
-
Read my updated post.
CWP helps you to manage your website but doesn't hand-hold you through it. In fact, some options and advice are downright risky on shared hosting environments, IMHO.
-
Read my updated post.
CWP helps you to manage your website but doesn't hand-hold you through it. In fact, some options and advice are downright risky on shared hosting environments, IMHO.
Just noticed that, thanks, I will give that a try and see what happens.
-
All the configs looks correct, which you posted.
But something else is denying access to the world when the permissions are set correctly... ie holbroom:holbroom
-
Go to Apache Rebuild
Check the current loaded modules:
suexec_module (shared)
suphp_module (shared
Select latest Apache version at the bottom and rebuild, with --enable-suexec added to the configuration options list.
Once complete, select Webservers Conf Editor, Rebuild all vhosts.
-
Go to Apache Rebuild
Check the current loaded modules:
suexec_module (shared)
suphp_module (shared
Select latest Apache version at the bottom and rebuild.
Once complete, select Webservers Conf Editor, Rebuild all vhosts.
Thank you, will give this a go when i get home, work proxy won't let me access URL's containing ports.
Thanks for the help
-
Note: it appears that the --enable-suexec flag is ignored during the build.
Either follow that link you posted earlier or manually remove the # from the httpd.conf file and restart Apache.
-
@Holbroom Thanks for the report, this will be resolved in the next update