Results 1 to 24 of 24
  1. #1
    Join Date
    May 2007
    Posts
    442

    Chmod (nobody) write permissions reset after server update

    I have a php upload form that allows me to upload images and set them to a folder, works fine.

    However, it seems anytime there's a server update, I need to login as root and re-set the permissions to "nobody" - is there something I can do via php or set via server settings to avoid resetting of the write permissions?

  2. #2
    Join Date
    Nov 2004
    Location
    Australia
    Posts
    1,737
    Move to a host that doesn't run PHP as "nobody"; running as nobody is highly insecure and leaves your files and passwords readable by others on the server (or those who hack into others accounts). Look for fastCGI, or phpsuexec, or something similar ....

    More importantly, if they don't understand why it's important to not run the web server as a single shared user, there's probably other stuff they don't understand ...
    Last edited by brianoz; 05-13-2011 at 10:40 PM.

  3. #3
    Join Date
    May 2007
    Posts
    442
    It's a VPS, I only host my own sites on it.
    I have 2 different VPS that have this same problem.

    PHP is running as cgi handler; Apache suEXEC is on.

    I also have a dedicated server I've tested with a similar setup, the writable permissions don't have the same problem there - not sure what's going on with the VPS'..


    Additionally, I know it's insecure but I cannot have a self-signed SSL cert with cpanel without it. The only scripts on the VPS' are ones I've written.
    Last edited by gpl24; 05-14-2011 at 01:08 AM.

  4. #4
    Join Date
    Jun 2003
    Posts
    367
    Edit:

    Err what?

    I also have a dedicated server I've tested with a similar setup, the writable permissions don't have the same problem there - not sure what's going on with the VPS'..


    Additionally, I know it's insecure but I cannot have a self-signed SSL cert with cpanel without it. The only scripts on the VPS' are ones I've written.

    WTF do writable permissions have to do with a self-signed certificate?

    --
    Common sense is not so common.

  5. #5
    Join Date
    May 2007
    Posts
    442
    If php is not run as cgi, the certs break. That is why suphp is not in use.

  6. #6
    Join Date
    Jun 2003
    Posts
    367
    ... most likely your messing around in the httpd.conf file or you've been messing about with the permissions on the certificate files.

    Hire a competent server admin or contact cPanel regarding the issue. Support comes with your license so whoever gave you your license is the place to contact.

    FYI: I've been doing cPanel support for 3 years now. Someone's done something stupid.
    Common sense is not so common.

  7. #7
    Join Date
    May 2007
    Posts
    442
    I don't touch httpd.conf, everything modified is done via WHM, including the self-signed SSLs.

    The VPS is managed by KnownHost, as is the other VPS I experience similar problems with. The dedicated I setup in an identical environment was elsewhere and did not experience the same issues.

  8. #8
    Join Date
    Jun 2003
    Posts
    367
    Open a ticket. If they can't figure it out they will escalate to cPanel.

    I can't troubleshoot this blind and unless someone has had this exact issue nobody else will either.

    What do you mean by "the certs break"? that has to be one of the most useless description of a problem I've seen in the last two hours. Almost as bad as "My site doesn't work."
    Common sense is not so common.

  9. #9
    Join Date
    May 2007
    Posts
    442
    Are you going out of your way to insult people and insist they're morons?

    unless someone has had this exact issue nobody else will either.
    DING DING DING!! If you weren't so full of yourself, you'd understand that's why I asked this question here!

  10. #10
    Join Date
    Jun 2003
    Posts
    367
    You asked a question with a vague description and expect a serious answer?

    Had you posted something like ....
    "When I run php under suPHP I get a certificate mismatch error" or "My browser says connection reset." You probably would have got a decent response.

    When you ask a almost useless question you get a answer suitable the skill level I assessed you at. For someone that can't be bothered so write up a detailed description of what they see or even the path to the folder that the permissions are changes.

    It's my way of saying your obviously not competent enough or too lazy to troubleshoot the issue yourself. Contact support.

    I'm a prick. I know it. I also get the job done.
    Common sense is not so common.

  11. #11
    Join Date
    May 2007
    Posts
    442
    I never asked for any help with my setup - your initial post essentially told me I'm a moron, so I explained to you WHY I had such a setup.

    I've been lurking & posting on this board for several years and have gotten loads of help with "vague" questions. Just because you don't understand it doesn't mean there isn't someone else out there with better comprehension skills.

    Since your initial post went offtopic on the basis of my question I'm led to believe it is beyond your skill level and you just had to throw your 2cents in there about something you did know about, to make yourself feel smart.

    If you have nothing useful to add to my question, please move on.

  12. #12
    Join Date
    Jun 2003
    Posts
    367
    I said it sounded like somebody did something stupid.

    hehe. Yes, I'm the idiot. That's why you can't get a feature that works out of the box on thousands of cPanel servers to work. I should have guessed.

    So just in case you missed the hints in the last few posts. I suggest you either describe the issue your having if you want help.

    i.e. WHAT FOLDER ARE YOU TALKING ABOUT?
    WHAT ARE THE PERMISSIONS RESET TO?
    WHAT ARE YOU CHANGING THE PERMISSIONS TO?


    WHAT DO YOU MEAN BY UPGRADE? cPanel/APACHE upgrade or the actual scripts?
    Common sense is not so common.

  13. #13
    Join Date
    May 2007
    Posts
    442
    I said it sounded like somebody did something stupid.
    Thank you, captain obvious. Unhelpful & unneeded.

    That's why you can't get a feature that works out of the box on thousands of cPanel servers to work. I should have guessed.
    php uploads & chmodding work out-of-the box? If that were true, there wouldn't be so many topics on similar forums with an over-abundance of varied questions.

    WHAT FOLDER ARE YOU TALKING ABOUT?

    Does it matter? It's an upload script with php! Do you also need to know what type of photos I'm trying to upload, also?

    WHAT ARE THE PERMISSIONS RESET TO?

    They are reset to permissions that are un-writable. I'm surprised this wasn't obvious to you.
    To be explicit, it's reset to the cpanel username (ie. account owner)

    WHAT ARE YOU CHANGING THE PERMISSIONS TO?

    Really? I'm surprised you didn't know this, seeing how you told me my host was a moron for allowing php to run as nobody

    WHAT DO YOU MEAN BY UPGRADE?
    Apache upgrade


    Now, seeing as you crapped on me for being "vague", was it really that difficult to ask for greater detail? Doing so from the start would have been much more helpful than spouting off insults and other useless drivel.

    And before it is stated again: Yes, I know how to open a ticket with Knownhost. No I am not lazy. I like to learn. If someone can drop some hints or let me know what they did in a similar situation, I'd learn from a mistake that I (likely) made; if Knownhost go in & do their thing, chances are they won't tell me with enough detail that I'd learn - it isn't their job to teach me or hold my hand when I break stuff. You being a "cpanel support" person, you should know that already.
    If I can't find any help either in my research (which I am doing right now, I have another tab open where I'm searching other sites/forums for variations of my problem), OR from here, I WILL contact Knownhost.

    And the entire purpose of this forum is for helping eachother - if everyone said "you lazy ****, go ask your host" this entire forum would be utterly useless.

    It is well documented how super smart and intelligent you are. Can we please stick to the topic now?
    This bantering is probably keeping people away that could help me with my question.

  14. #14
    Join Date
    May 2009
    Location
    London, United Kingdom
    Posts
    472
    Hello,

    How are you running PHP? As suPHP, DSO or something else? How is your upload folder chmoded? 777?
    KnownSRV.com - Privacy. Managed. Secure. Guaranteed!
    Web Hosting | Dedicated Cloud VPS | Dedicated Server
    YOUR Day and Night, Fully Managed Hosting Solutions with REAL 24/7 Support

  15. #15
    Join Date
    Jun 2003
    Posts
    367
    Ok. How you managed to answer those questions without telling me anything useful is hilarious.

    The directory location actually does matter because the permissions of the parent folder can come into play. Most likely it's /home/user/public_html


    They are reset to permissions that are un-writable. I'm surprised this wasn't obvious to you.
    To be explicit, it's reset to the cpanel username (ie. account owner)
    I asked about permissions. Not just the ownership of the folder. unwritable for who? user, group, or other? All three?

    paste the output of ls -la

    Edit: Actually, I just re-read this. Your running something like
    chown -R nobody: /home/user/public_html

    If so that's your problem. The owner should NOT be nobody.

    php uploads & chmodding work out-of-the box? If that were true, there wouldn't be so many topics on similar forums with an over-abundance of varied questions.
    This is because most people are morons and don't take 10 minutes to actually understand UNIX permissions. To be fair most of the techs I work with don't understand them either.

    Really? I'm surprised you didn't know this, seeing how you told me my host was a moron for allowing php to run as nobody
    I never actually said that. I do think you are an idiot for doing it though so I suppose I'm guilty as charged.

    Apache upgrade
    I'm actually kind of surprised with this answer. It's almost useful.

    If you look at my responses in the past you'll see when there is actually useful information in the post I do provide detailed instructions.
    Common sense is not so common.

  16. #16
    Join Date
    Jun 2003
    Posts
    367
    This should fix the ownership and permissions if that's what you've been doing.

    Code:
    chown -R ${USER} /home/${USER}/public_html
    find /home/${USER}/public_html -type f -iname '*.php' -exec chmod 664 {} \;
    find /home/${USER}/public_html -type d -exec chmod 775 {} \;
    Note: These are tended to make it work. This will not be as the most appropriate permissions for every case.
    Common sense is not so common.

  17. #17
    Join Date
    May 2007
    Posts
    442
    How are you running PHP? As suPHP, DSO or something else? How is your upload folder chmoded? 777?
    PHP is running as cgi with chmod at 0755

    Ok. How you managed to answer those questions without telling me anything useful is hilarious.
    I recall you stating earlier in this thread:
    "You asked a question with a vague description and expect a serious answer?" ...............

    The directory location actually does matter because the permissions of the parent folder can come into play. Most likely it's /home/user/public_html
    Ok, I wasn't aware of that. The actual location is /home/user/public_html/images
    "images" being the problem: it works fine once I change permissions to "nobody" - as soon as Apache updates, the permissions are re-assigned to my cpanel username thus breaking my script until I go in and manually change the permissions back to "nobody"

    I asked about permissions. Not just the ownership of the folder. unwritable for who? user, group, or other? All three?
    Permissions: 0755
    Unwritable for everyone, except nobody.

    paste the output of ls -la
    Code:
    root@server [~]# ls -la
    total 172
    drwxr-x--- 13 root root  4096 May 14 11:53 ./
    drwxr-xr-x 22 root root  4096 May 11 07:58 ../
    -rw-------  1 root root   957 Apr  7 21:15 .accesshash
    -rw-------  1 root root  3638 Apr 29 01:48 .bash_history
    -rw-r--r--  1 root root    24 Jan  6  2007 .bash_logout
    -rw-r--r--  1 root root   191 Jan  6  2007 .bash_profile
    -rw-r--r--  1 root root   176 Jan  6  2007 .bashrc
    drwxr-xr-x  3 root root  4096 Feb  7 14:44 .cpanel/
    drwxr-xr-x  4 root root  4096 Feb  7 14:44 cpanel3-skel/
    drwx------  7 root root  4096 Apr  9 11:56 .cpobjcache/
    -rw-r--r--  1 root root   100 Jan  6  2007 .cshrc
    -rw-r--r--  1 root root 46294 Apr 11 16:24 exim.conf
    -rw-r--r--  1 root root 26257 Apr 11 16:24 exim.pl
    -rw-r--r--  1 root root    26 Apr 12 15:04 .forward
    drwx------  2 root root  4096 Apr  8 11:55 .gnupg/
    drwx------  2 root root  4096 Feb  7 15:46 .HttpRequest/
    drwx------  4 root root  4096 Feb  7 14:44 .MirrorSearch/
    -rw-------  1 root root    41 Apr  7 21:15 .my.cnf
    -rw-r--r--  1 root root   264 Apr 17 20:56 .pearrc
    drwxr-xr-x  2 root root  4096 Feb  8 09:55 public_ftp/
    drwxr-xr-x  3 root root  4096 Feb  7 14:44 public_html/
    -rw-------  1 root root  1024 Apr 28 21:27 .rnd
    drwx------  3 root root  4096 Feb  7 14:44 .spamassassin/
    drwx------  2 root root  4096 Sep  2  2010 .ssh/
    -rw-r--r--  1 root root   129 Jan  6  2007 .tcshrc
    drwxr-xr-x  3 root root  4096 Apr  8 11:59 tmp/
    Edit: Actually, I just re-read this. Your running something like
    chown -R nobody: /home/user/public_html

    If so that's your problem. The owner should NOT be nobody.
    What should it be, then?

    This is because most people are morons and don't take 10 minutes to actually understand UNIX permissions. To be fair most of the techs I work with don't understand them either.
    Unix commands, permissions etc. aren't second nature to anybody. It requires learning & understanding. Some people simply don't have the ability to learn such things - it doesn't make them a moron. I'm sure you're not a mathematician, so for a mathematician to call you a moron would be out of line. Nobody can be perfect at everything.

    I never actually said that. I do think you are an idiot for doing it though so I suppose I'm guilty as charged.
    I've explained to you earlier in this thread why my setup is what it is. Again, it is only my sites & scripts on this server.

    This should fix the ownership and permissions if that's what you've been doing.
    I'm just taking a gander here but this code looks as if it chmods php files to 0644, folders to 0755 - both of which are already in place.

    This line:
    chown -R ${USER} /home/${USER}/public_html

    Would make owner ship of my cpanel username recursive, correct; I assume that means the permissions would copy to every file & folder contained?
    While doing so, the write permissions would be disabled. Only "nobody" can write to these folders; which (if I am not mistaken) is due to my current setup of php running as cgi. If I change them to my cpanel username (which I can easily do via SFTP by right-clicking, I would essentially disable the upload abilities.

    Correct me if I misunderstood your command.

  18. #18
    Join Date
    May 2007
    Posts
    442
    While playing around with 1 of the VPS', I deleted the self-signed cert, assigned a dedicated IP to the only domain on this box.

    I re-generated the cert and instead of assigning the cert to "nobody" as I did before, I assigned it to the cpanel username; all directories became unwritable that were registered to "nobody" - so I changed the permissions to my cpanel username. I can now write to them under my cpanel username. That should solve the Apache update issue for this VPS.


    So basically, this is my problem that I couldn't figure out how to word properly:
    - ssl cert is self-signed, assigned to "nobody"
    - my upload script is running under https, meaning: I can only upload through this form if "nobody" is the folder owner.
    - when apache updates, the "nobody" folders are re-assigned to my cpanel username.

    My problem with VPS #1 is solved, but on VPS #2, I have 2 domains/completely different sites so I'm wondering if this is solvable without having to lose the self-signed cert for 1 of the domains.

  19. #19
    Join Date
    Jun 2003
    Posts
    367
    The command recursively sets the owner of the files and folders to your user name. replace ${USER} with the user name.

    The SSL ownership has nothing to do with the file permissions.

    cPanel's easyApache is reverting the permissions because they are not correct.

    The owner should be the cPanel user name and the group should by nobody. That's why you want the permissions at 664 and 774.

    I was looking of the output of:
    ls -la /home/${USER}/public_html/

    Just because it's only your sites and scripts doesn't make it any better. It's still a bad idea.

    Do you really just type in commands without really understanding what they do? You should never run command without understand exactly what it does.

    Code:
    USER="myuser"
    # change the owner to ${USER} and the group to nobody.
    chown -R ${USER}:nobody /home/${USER}/public_html
    # give read, write permissions to owner and group. read to everyone else.
    find /home/${USER}/public_html -type f -iname '*.php' -exec chmod 664 {} \;
    
    # give read, write, and execute to owner and group. give read and execute to everyone else.
    find /home/${USER}/public_html -type d -exec chmod 775 {} \;
    You don't have to be a mathematician to understand Linux permissions. You just need to be able to add. Read an article on it.
    2^0 = 1 = execute
    2^1 = 2 = write
    2^2 = 4 = read

    read + write + read = 1 + 2 + 4 = 7

    read + write = 4 + 2 = 6

    read + execute = 5
    Common sense is not so common.

  20. #20
    Join Date
    Nov 2004
    Location
    Australia
    Posts
    1,737

    *

    The reason why changing ownership of everything to nobody is a Really Bad Idea(TM) is that every other user on your shared host will have access to read, write and change your website. That's bad.

    You should run, not walk, to a host that doesn't run PHP scripts as nobody. For similar reasons, that's highly insecure.

  21. #21
    Join Date
    May 2007
    Posts
    442
    The owner should be the cPanel user name and the group should by nobody. That's why you want the permissions at 664 and 774.
    Thank you

    Do you really just type in commands without really understanding what they do? You should never run command without understand exactly what it does.
    uh? NO. That is why I clarified your command prior to running it.

    brianoz - It is evident you didn't read any of the posts in this topic before replying!

  22. #22
    Join Date
    Jun 2003
    Posts
    367
    Booze!

    Seriously though. You should fix suPHP.

    Shared SSL certificates work with suPHP. We use both on all our servers.
    Common sense is not so common.

  23. #23
    Join Date
    May 2007
    Posts
    442
    I got suphp working on the first VPS, I just reinstalled the cert under the cpanel username & changed permissions. Works just like before, except under better security.

    The 2nd server I will attempt the same, just need to make sure traffic is low when I try it. Thanks for the help.

  24. #24
    Join Date
    Nov 2004
    Location
    Australia
    Posts
    1,737
    Quote Originally Posted by gpl24 View Post
    brianoz - It is evident you didn't read any of the posts in this topic before replying!
    No doubt (there was a lot of fluff); but my points are still valid.

    Even if it's only your sites, breaking into one site would give access to all the others, so well done for getting suphp going. Remember there are faster alternatives that give the same security, so if performance becomes an issue check into fastcgi and MPM worker etc.

Similar Threads

  1. DA giving prob with chmod permissions
    By koolnhot in forum Programming Discussion
    Replies: 8
    Last Post: 06-23-2010, 12:38 PM
  2. setting chmod/file permissions on ws03
    By mr360solutions in forum Dedicated Server
    Replies: 0
    Last Post: 12-01-2004, 04:51 PM
  3. CHMOD Permissions
    By stripeyteapot in forum Web Hosting
    Replies: 6
    Last Post: 09-08-2004, 10:40 AM
  4. CHMOD permissions
    By kaboomski in forum Web Hosting
    Replies: 5
    Last Post: 08-26-2002, 10:15 PM
  5. How do I reset all the permissions
    By certify in forum Hosting Security and Technology
    Replies: 4
    Last Post: 08-04-2001, 10:33 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •