Cpanel / SuPHP – chmod All Files 644, All folders 755

When switching from DSO to SUPHP in cpanel (a must for anyone who takes security seriously on a public webserver), one must pay careful attention to the insecure permissions of user’s public_html folders.  The following commands will look in every user’s html folder and make the appropriate CHMOD to allow php to properly execute under SUPHP.  Don’t forget to also check for files owned by ‘nobody’ or ‘root’ — they will also fail with a 500 error.

find /home/*/public_html/ -type d -print0 | xargs -0 chmod 0755 # For directories
find /home/*/public_html/ -type f -not -name "*.pl" -not -name "*.cgi" -not -name "*.sh" -print0 | xargs -0 chmod 0644 # For files
find /home/*/public_html/ -type f -name "*.cgi" -print0 -o -name "*.pl" -print0 -o -name "*.sh" -print0 | xargs -0 chmod 0755 # For CGI/Scripts

UPDATE: Part 2 – Fixing Ownership

UPDATE: File permission command updated to exclude Perl/CGI. These still need to be 755 (not 644).

UPDATE: Exclude files in 644, add another for scripts/cgi. These still need to be 755 (not 644).

12 Responses to Cpanel / SuPHP – chmod All Files 644, All folders 755

  1. Tom Egan says:

    Hi Randy,

    Yhe script is changing files to 664, should it be 644?

    1. admin says:

      Tom, good catch. I will update the script accordingly!

  2. Tom Egan says:

    This is a very helpful, to the point post!

    Could you add the script for the user change from nobody to the file owner? With that added, would give many people the right answer instead of the multitude of uninformed guesses that abound on the forums.

    Best,

    Tom

  3. Randy says:

    ^^ I will definitely be creating a script like that soon but it is more complicated than the chmod hack. As soon as I come across a server in need I’ll create it and certainly post it up.

  4. hi says:

    **** SuPHP, thanks for the tips though ! 🙂

    1. Randy says:

      I agree, it can be a pain when you first move to suphp. But in the end, it’s SOOOO much better for your users not having to ever deal with or change permissions ever again. Everything just starts working because the customer’s php is running as the correct user instead of ‘apache’ or ‘nobody’ which apache runs as.

  5. Scott says:

    What about files that have been written to the server using PHP upload?
    Will this affect anything?
    Do we need to reset those directories to 777?

    1. Randy says:

      All folders 755, all files 644. No exceptions, even for php upload and temp folders.

  6. Adrian says:

    Thanks! Currently migrating to suPHP my server…

  7. Thanks – git just threw a fit about file modes and I didn’t know I needed +x on the folders.
    The find lines are great – I’m filing those away for future use!

  8. chmod777 says:

    root@l1 [/home/ithagadol/public_html]# find /home/ithagadol/public_html/ -type f -name “*.cgi” -print0 -o -name “*.pl” -print0 -o -name “*.sh” -print0 | xargs -0 chmod 0755

    chmod: missing operand after `0755′
    Try `chmod –help’ for more information.

  9. argggg
    tnksss

    it saved my day/week! 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Anti-Spam Quiz: