Author Topic: Creating FTP User Changes Perms on public_html  (Read 5203 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
Creating FTP User Changes Perms on public_html
« on: March 04, 2020, 01:29:06 PM »
Apologies if this has already been asked but I couldn't find anything on the search.
I've recently installed Centos Panel on to Centos 7 using the install script, everything has worked fine except when you create a new FTP user via a user control panel.

As soon as you add a new FTP account, the perms changed from 644 holbroom:nobody to 644 holbroom:holbroom and causes the following message when you try browsing to the webpage

Quote
Forbidden
You don't have permission to access / on this server.
Server unable to read htaccess file, denying access to be safe

As soon as you change the perms back to 644 holbroom:nobody the Forbidden message goes away and lets you access the website again.

Not sure what or why is causing this but unless I solve the issue, anytime any user creates a new FTP account they will be locked out of their website.

Help would be much appreciated.

Re: Creating FTP User Changes Perms on public_html
« Reply #1 on: March 04, 2020, 01:43:28 PM »
644 holbroom:nobody is insecure and 644 holbroom:holbroom is the preferred permissions.
Make sure you have selected su_exec and/or su_php in your Apache settings (assuming that is what you use).

Check for loaded modules in /usr/local/apache/conf/httpd.conf
LoadModule suexec_module modules/mod_suexec.so

Check  /usr/local/apache/conf.d/vhosts/holbroom_domain_name.conf (and the ssl one)

Code: [Select]
<IfModule mod_suexec.c>
SuexecUserGroup holbroom holbroom
</IfModule>

<IfModule mod_suphp.c>
suPHP_UserGroup holbroom holbroom
suPHP_ConfigPath /home/holbroom
</IfModule>

If the modules are correctly loaded, then you may wish to rebuild the Apache vhosts, and ensure permissions on the various public_html are set correctly i.e. no group nobody. Otherwise look forward to sites getting hacked at some stage.  :o
« Last Edit: March 04, 2020, 02:05:36 PM by ejsolutions »

Offline
*
Re: Creating FTP User Changes Perms on public_html
« Reply #2 on: March 04, 2020, 01:57:30 PM »
644 holbroom:nobody is insecure and 644 holbroom:holbroom is the preferred permissions.
Make sure you have selected su_exec and/or su_php in your Apache settings (assuming that is what you use).

Thanks,
I have enabled suExec by following https://wiki.centos-webpanel.com/how-to-enable-mod_suexec-with-apache
But creating a new FTP user still sets the permissions back to holbroom:holbroom and denies access to my website, it only allows access if the perms are holbroom:nobody

This is an out the box installation so shouldn't everything just work? I haven't changed anything for this not to work, if that makes sense.

Re: Creating FTP User Changes Perms on public_html
« Reply #3 on: March 04, 2020, 02:00:41 PM »
Read my updated post.
CWP helps you to manage your website but doesn't hand-hold you through it. In fact, some options and advice are downright risky on shared hosting environments, IMHO.

Offline
*
Re: Creating FTP User Changes Perms on public_html
« Reply #4 on: March 04, 2020, 02:01:38 PM »
Read my updated post.
CWP helps you to manage your website but doesn't hand-hold you through it. In fact, some options and advice are downright risky on shared hosting environments, IMHO.

Just noticed that, thanks, I will give that a try and see what happens.

Offline
*
Re: Creating FTP User Changes Perms on public_html
« Reply #5 on: March 04, 2020, 02:07:10 PM »
All the configs looks correct, which you posted.
But something else is denying access to the world when the permissions are set correctly... ie holbroom:holbroom

Re: Creating FTP User Changes Perms on public_html
« Reply #6 on: March 04, 2020, 02:16:01 PM »
Go to Apache Rebuild

Check the current loaded modules:
 suexec_module (shared)
 suphp_module (shared

Select latest Apache version at the bottom and rebuild, with   --enable-suexec  added to the configuration options list.
Once complete, select Webservers Conf Editor, Rebuild all vhosts.
« Last Edit: March 04, 2020, 02:21:42 PM by ejsolutions »

Offline
*
Re: Creating FTP User Changes Perms on public_html
« Reply #7 on: March 04, 2020, 02:21:54 PM »
Go to Apache Rebuild

Check the current loaded modules:
 suexec_module (shared)
 suphp_module (shared

Select latest Apache version at the bottom and rebuild.
Once complete, select Webservers Conf Editor, Rebuild all vhosts.

Thank you, will give this a go when i get home, work proxy won't let me access URL's containing ports.
Thanks for the help

Re: Creating FTP User Changes Perms on public_html
« Reply #8 on: March 04, 2020, 02:34:14 PM »
Note: it appears that the --enable-suexec flag is ignored during the build.
Either follow that link you posted earlier or manually remove the # from the httpd.conf file and restart Apache.

Offline
*****
Re: Creating FTP User Changes Perms on public_html
« Reply #9 on: March 04, 2020, 03:24:02 PM »
@Holbroom Thanks for the report, this will be resolved in the next update