Cpanel / SuPHP – chmod All Files 644, All folders 755

Posted on by Randy

When switching from DSO to SUPHP in cpanel (a must for anyone who takes security seriously on a public webserver), one must pay careful attention to the insecure permissions of user’s public_html folders.  The following commands will look in every user’s html folder and make the appropriate CHMOD to allow php to properly execute under SUPHP.  Don’t forget to also check for files owned by ‘nobody’ or ‘root’ — they will also fail with a 500 error.

find /home/*/public_html/ -type d -print0 | xargs -0 chmod 0755 # For directories
find /home/*/public_html/ -type f -not -name "*.pl" -not -name "*.cgi" -not -name "*.sh" -print0 | xargs -0 chmod 0644 # For files
find /home/*/public_html/ -type f -name "*.cgi" -print0 -o -name "*.pl" -print0 -o -name "*.sh" -print0 | xargs -0 chmod 0755 # For CGI/Scripts

UPDATE: Part 2 – Fixing Ownership

UPDATE: File permission command updated to exclude Perl/CGI. These still need to be 755 (not 644).

UPDATE: Exclude files in 644, add another for scripts/cgi. These still need to be 755 (not 644).

12 Responses to Cpanel / SuPHP – chmod All Files 644, All folders 755

  1. Tom Egan says:
    June 24, 2009 at 11:46 am

    Hi Randy,

    Yhe script is changing files to 664, should it be 644?

    1. admin says:
      June 24, 2009 at 11:56 am

      Tom, good catch. I will update the script accordingly!

  2. Tom Egan says:
    June 24, 2009 at 1:44 pm

    This is a very helpful, to the point post!

    Could you add the script for the user change from nobody to the file owner? With that added, would give many people the right answer instead of the multitude of uninformed guesses that abound on the forums.

    Best,

    Tom

  3. Randy says:
    June 24, 2009 at 4:49 pm

    ^^ I will definitely be creating a script like that soon but it is more complicated than the chmod hack. As soon as I come across a server in need I’ll create it and certainly post it up.

  4. hi says:
    December 14, 2009 at 3:55 pm

    **** SuPHP, thanks for the tips though ! 🙂

    1. Randy says:
      December 14, 2009 at 9:13 pm

      I agree, it can be a pain when you first move to suphp. But in the end, it’s SOOOO much better for your users not having to ever deal with or change permissions ever again. Everything just starts working because the customer’s php is running as the correct user instead of ‘apache’ or ‘nobody’ which apache runs as.

  5. Scott says:
    February 22, 2010 at 1:20 pm

    What about files that have been written to the server using PHP upload?
    Will this affect anything?
    Do we need to reset those directories to 777?

    1. Randy says:
      February 22, 2010 at 1:30 pm

      All folders 755, all files 644. No exceptions, even for php upload and temp folders.

  6. Adrian says:
    April 22, 2010 at 10:36 am

    Thanks! Currently migrating to suPHP my server…

  7. Eric Danielson says:
    February 22, 2011 at 7:52 pm

    Thanks – git just threw a fit about file modes and I didn’t know I needed +x on the folders.
    The find lines are great – I’m filing those away for future use!

  8. chmod777 says:
    March 11, 2015 at 11:01 am

    root@l1 [/home/ithagadol/public_html]# find /home/ithagadol/public_html/ -type f -name “*.cgi” -print0 -o -name “*.pl” -print0 -o -name “*.sh” -print0 | xargs -0 chmod 0755

    chmod: missing operand after `0755′
    Try `chmod –help’ for more information.

  9. pjrfigueiredo says:
    September 21, 2015 at 2:02 pm

    argggg
    tnksss

    it saved my day/week! 🙂