When switching from DSO to SUPHP in cpanel (a must for anyone who takes security seriously on a public webserver), one must pay careful attention to the insecure permissions of user’s public_html folders. The following commands will look in every user’s html folder and make the appropriate CHMOD to allow php to properly execute under SUPHP. Don’t forget to also check for files owned by ‘nobody’ or ‘root’ — they will also fail with a 500 error.
find /home/*/public_html/ -type d -print0 | xargs -0 chmod 0755 # For directories find /home/*/public_html/ -type f -not -name "*.pl" -not -name "*.cgi" -not -name "*.sh" -print0 | xargs -0 chmod 0644 # For files find /home/*/public_html/ -type f -name "*.cgi" -print0 -o -name "*.pl" -print0 -o -name "*.sh" -print0 | xargs -0 chmod 0755 # For CGI/Scripts
UPDATE: Part 2 – Fixing Ownership
UPDATE: File permission command updated to exclude Perl/CGI. These still need to be 755 (not 644).
UPDATE: Exclude files in 644, add another for scripts/cgi. These still need to be 755 (not 644).
12 Responses to Cpanel / SuPHP – chmod All Files 644, All folders 755
Yhe script is changing files to 664, should it be 644?
Tom, good catch. I will update the script accordingly!
This is a very helpful, to the point post!
Could you add the script for the user change from nobody to the file owner? With that added, would give many people the right answer instead of the multitude of uninformed guesses that abound on the forums.
^^ I will definitely be creating a script like that soon but it is more complicated than the chmod hack. As soon as I come across a server in need I’ll create it and certainly post it up.
**** SuPHP, thanks for the tips though ! 🙂
I agree, it can be a pain when you first move to suphp. But in the end, it’s SOOOO much better for your users not having to ever deal with or change permissions ever again. Everything just starts working because the customer’s php is running as the correct user instead of ‘apache’ or ‘nobody’ which apache runs as.
What about files that have been written to the server using PHP upload?
Will this affect anything?
Do we need to reset those directories to 777?
All folders 755, all files 644. No exceptions, even for php upload and temp folders.
Thanks! Currently migrating to suPHP my server…
Thanks – git just threw a fit about file modes and I didn’t know I needed +x on the folders.
The find lines are great – I’m filing those away for future use!
root@l1 [/home/ithagadol/public_html]# find /home/ithagadol/public_html/ -type f -name “*.cgi” -print0 -o -name “*.pl” -print0 -o -name “*.sh” -print0 | xargs -0 chmod 0755
chmod: missing operand after `0755′
Try `chmod –help’ for more information.
it saved my day/week! 🙂