Upgrading To VPS - User And Group Permissions
Jul 23, 2009
I've finally made the leap to upgrading from shared hosting to a VPS. I'm still setting up my configuration before I point the domain name to my new server, but for now, I have the site mirrored and I'm ensuring that all is running well. For the most part, everything is working, but I am running into a few permission issues...
As of right now, all the files in my htdocs directory are owned by root, and I am logging into my FTP client as root. However, I'm pretty sure that this is not how I should be doing this, because I need to allow write permissions to some folders from my php scripts.
I was just curious, how do you you guys set up the users and groups on your linux servers (running apache). I'm just not certain of the best way to handle it. Should I make a new FTP user, and if so, what group should it go in? Should that user be the owner of all the web files? When is it safe to set folder permissions to 777?
View 4 Replies
ADVERTISEMENT
Jan 6, 2015
We have several sites on one server. When I use the plesk wordpress manager it some how updates the User and Group permissions on folders and files with the username apache. How or what command do I run to get it to use the site username and psacln. It appears something maybe in an update or whatever has caused this issue. This only occurs with wordpress and drupal updates from the plesk interface.
What command can I run just to update the permissions to update all users to a username and psacln security settings on folders and directories.Running Plesk 12.0.18 and CentOS7
View 1 Replies
View Related
Nov 15, 2008
Currently I have
Umask 027
The problem is, how do I get the group to be set as apache on a file/dir upload? I really do not like having other permissions set, as it can be a security risk, allowing others to access someone else's files.
Another issue is, I can't remove privileges, but I can add them.
copy of proftpd.conf:
Code:
ServerName "FTP"
ServerType standalone
Port 21
PassivePorts 35000 35999
UseReverseDNS off
TimesGMT off
TimeoutLogin 120
TimeoutIdle 600
TimeoutNoTransfer 900
TimeoutStalled 3600
#MaxCients 20 "Sorry, the maximum number of allowed users are already connected (%m)"
#MaxClientsPerHost 2
#MaxClientsPerUser 2
MaxConnectionsPerHost 6 "Sorry, you may not have more then 6 connections open at a time"
MaxHostsPerUser 6 "Sorry, you may not connect more than 6 times"
ScoreboardFile /var/run/proftpd/proftpd.pid
TransferLog /var/log/proftpd/xferlog.legacy
LogFormat default "%h %l %u %t "%r" %s %b"
LogFormat auth "%v [%P] %h %t "%r" %s"
LogFormat write "%h %l %u %t "%r" %s %b"
#DON'T modify this log format. Its used by DirectAdmin to determine user usage
LogFormat userlog "%u %b"
ExtendedLog /var/log/proftpd/IP.bytes WRITE,READ userlog
AuthUserFile /etc/proftpd.passwd
DefaultServer on
#AuthPAM off
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/proftpd.tls.log
TLSProtocol TLSv1
TLSVerifyClient off
TLSRequired off
#Certificates
TLSRSACertificateFile /etc/exim.cert
TLSRSACertificateKeyFile /etc/exim.key
#TLSCACertificateFile /etc/ftpd/root.cert.pem
</IfModule>
<Global>
DeferWelcome on
RequireValidShell no
DefaultRoot ~
DirFakeUser on ftp
DirFakeGroup on ftp
User ftp
Group ftp
#UserAlias anonymous ftp
AllowStoreRestart on
AllowRetrieveRestart on
ListOptions -a
Umask 027 022
DisplayLogin welcome.msg
DisplayChdir readme
AllowOverwrite on
IdentLookups off
ExtendedLog /var/log/proftpd/access.log WRITE,READ write
ExtendedLog /var/log/proftpd/auth.log AUTH auth
#
# Paranoia logging level....
#
#ExtendedLog /var/log/proftpd/paranoid.log ALL default
</Global>
Include /etc/proftpd.vhosts.conf
View 4 Replies
View Related
Aug 27, 2007
I'm making an account for my friend, and I just want him to have access to /var/www/hishomedirectory/
I want him to be able to do anything in that directory (rename files, delete, copy, move, upload, etc..), but not able to use apt-get or play with settings. Not a superuser either.
View 3 Replies
View Related
Dec 18, 2008
After some yum updates last night one user and group called xfs were created on my dedicated server. Does anyone know what this group/user is used for?
View 0 Replies
View Related
Apr 3, 2014
I have opensuse 13.1 on my server and i folow this tutorial: URL....but as you see this is for opensuse 12.2, but i manage to run everythink only apache2 server.Well i get this error, but i run vhost.No user or group set - set suPHP_UserGroup..Well apache2 is rurning as every other thinks on server only web page dont show and i get error: Server error!
The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there was an error in a CGI script.
View 1 Replies
View Related
Jul 27, 2008
APache is running under the "nobody" user/group as default in CPanel servers
as a suggestion I should change it to another user/group to improve security!
But in CPanel servers its hard to do that because you must edit some scripts and files to prevent the backing to nobody when running some scripts such
PHP Code:
/scripts/chownpublichtmls/scripts/enablefileprotect
or when create a new account
Some sites says "the secret of changing the user/group is in the UID/GID of nobody < 100 !"
so I found a solution :
1 - delete the user/goup nobody
2 - recreate it with GID/UID > 30000
3 - run /scripts/chownpublichtmls
so the question is that solution improve security or i should change the user/group to another one! like "www"?
View 3 Replies
View Related
Feb 17, 2015
When a php framework try to create a new folder, it's created with apache: apache owner instead the user and group owned the root folder.
the PHP safe_mode is set to off.
View 3 Replies
View Related
Aug 7, 2007
LXadmin seem to have a preset disk quota limit to users/groups, even root!
So, how do I change these disk quota limits? There isn't an option in the LXadmin control panel either.
View 1 Replies
View Related
Jan 18, 2009
I have a problem with my rsync backup
First of all my setup is thus:
I have a Linux box at the office which has an rsync cron on it which pulls from my web server as a backup. It pulls websites, mysql, conf files etc.
My web server is running debian etch LAMP etc.
When I originally set it up I used root user to log into the web server, and setup keys to authenticate, this worked perfectly.
I then decided that having direct root access to the web server was a bad thing so I have turned off root login (PermitRootLogin no in sshd_config)
I then setup a backup user which works fine for the website files but fails on permissions for the mysql data files (/var/lib/mysql)
How can I get over this without granting root access to the backup user which would defeat the object of not allowing root access.
I have been told about host authentication based on ip address but I have dynamic address at the office so that would be no good
View 2 Replies
View Related
Jul 5, 2007
Does anyone know what could be the cause of this issue? I located a few others over at cpanel.net that have this problem, but no solution has been found.
[url]
I am running a VPS server with the following:
WHM 10.8.0 cPanel 10.9.1-S14304
RedHat 9 i686 - WHM X v3.1.0
phpMyAdmin - 2.9.0.2
MySQL client version: 4.1.10
mysql version: 5.0.27-standard
I have a database user that needs "Super Privileges" and so this was done. However, when Cpanel is updated the user permission is reset automatically from "ALL PRIVILEGES" to "USAGE".
Here's a look at the database permissions from phpMyAdmin.
Code:
User Host Password Global privileges Grant
hello localhost Yes ALL PRIVILEGES Yes
hello_ % No ALL PRIVILEGES Yes
hello_ localhost No ALL PRIVILEGES Yes
The user "hello" loses its "ALL PRIVILEGES" and switches over to "USAGE" if an update is triggered. Updates to cpanel, creating/removing a database/user, and updating the account password will cause the switch.
View 3 Replies
View Related
Jun 29, 2007
I want to use something like PHPBB forums and using one MySQL user and database. Just wondering, what are common user permissions I should set for the user? I want to try to minimize any permissions that can cause big risk to the server security.
Here is a full list of permissions I can grant to the user (via Webmin):
-Select table data
-Insert table data
-Update table data
-Delete table data
-Create tables
-Drop tables
-Grant privileges
-Reference operations
-Manage indexes
-Alter tables
-Create temp tables
-Lock tables
View 3 Replies
View Related
Apr 19, 2008
I am trying to setup a cronjob but cPanel, (Linux Centos 5), tells me that user/bin/crontab permissions are incorrect and need to be changed to 4755 - I try to change permissions in WinSCP [Properties] but it doesn't 'take'.
how to force a change of permissions with SSH (Putty)
View 2 Replies
View Related
May 15, 2008
My Pink Floyd website has a photo section of rare concert pictures that our members upload. We have about 3,000 of these pictures, that our members upload via an FTP server that is hosted on a simple cPanel web hosting account. Someone logged into the account and not only deleted all the pictures, but uploaded obscene pictures and index.html files to some really nasty stuff.
We delete all the obscene stuff, but before we re-upload all the pictures I need to know...
On a cPanel account is there a way to have the FTP User only able to upload files and not edit/delete/change? Somehow we can edit their permission?
I asked HostGator about this and the ChatTech said this cannot be done, and I was a bit surprised. I could easily do this on my own server, but i'm not sure where to start at the user level.
View 7 Replies
View Related
Jul 2, 2014
I believe the product we are using is Parallels Operations Automation.
We have a customer that we want to be able to give the right to unlock user accounts. The only way to do this seems to be to enable "Billing" as one of the privileges. Unfortunately this gives them more access than we really want to. Is there some trick we can use to give this user only these rights?
View 2 Replies
View Related
Sep 3, 2007
Is there any safe way to grant command line permissions to a user/specific account? One that only allows them access to databases on their account.
The problem is that this user intermittently runs queries that cause their database to hang (including PHPMyAdmin, so they can't view the processlist through there), and I have to manually kill that process, because they can't.
Server is 2.4.21 with MySQL 4.0.27, admin is cPanel WHM.
View 7 Replies
View Related
May 6, 2015
We cant' modify any files of my website in WordPress that contain user www-data.
How can you can change the permissions to this user (www-data).
The version is Plesk 12.0.18 Actualización #44
We have also Plesk 11.5 with WordPress and never has www-data user.
View 3 Replies
View Related
Nov 21, 2014
I have just used rsync to backup a dedicated server to a new cloud server. I put the files in a plesk webspace 'Backup' folder for ease of use (gui). In File Manager for that webspace it shows the folder user and group as root, which is obviously correct as rsync maintains users etc?
Thats fine, I just wanted to be able to back them up along with the rest of the server configuration and content.
However, when I run backup it says "For security reasons, backing up is performed on behalf of subscription's system user. This system user has no read access to:" and "So it was not backed up. All other data was backed up successfully. To fix this issue you may grant access read/write to the file or directory for system user "(username)" or "apache"."
I don't know how to give read/write access to the system user? Through file manager there is no option to change permissions.
View 1 Replies
View Related
May 13, 2008
I have a question regarding running Mediawiki on my server and the user/group "nobody", which seems to be causing problems as far as file permissions go.
When a file is uploaded via mediawiki, it's assigned the group/user of "nobody"
This means I can't change the file's permissions via ftp or ssh, unless I login as root and chmod/chown the file back to the proper user.
View 8 Replies
View Related
Jul 25, 2007
Is there a way to do so in cpanel using ip deny manager?
View 4 Replies
View Related
May 7, 2007
I thought I knew enough about my .htaccess stuff to do this, but I can't seem to work it out. What I want to do is if a user visits domain.com/folder, we check to see if the folder exists. If so, show as normal (IE domain.com/support)
If a user visits domain.com/dynamicusername (dynamicusername is not a physical folder), redirect to dynamicusername.domain.com
View 3 Replies
View Related
Mar 8, 2007
i have a main server that is connected online & now live with a static IP address. at the local network, i have 6 other PCs running apache that is connected to the main server.
since i can only effort for 1 IP now, how can i have the local connected servers to be viewable from the internet as well like some normal web URLs?
View 5 Replies
View Related
Aug 3, 2007
in a domain environment, how do I enable users to be able to access the Desktop properties and allow them to change their wallpapers. I know it should be a simple one but I'm still looking through policies but can't find what can be. By default/ after some group policy changes, all users are denied from accesing this properties window.
View 4 Replies
View Related
Jan 6, 2008
(1) I installed my modernBill on the server.
(2) I changed the DocumentRoot in httpd.conf and point to a different folder in my server. (whatever I guess it really didnt do anything to my problem)
(3) I Opened the Modernbill software on the but cpanel is not showing in the ServerGroup.
View 1 Replies
View Related
Nov 5, 2007
I want to add 50 emails to a group called group50@service.com
Then from anywhere in the world I can login to an email client, compose a message to group50@service.com. And it will send my message to all 50 users.This is not limited to just my account, but universal to anyone.
View 3 Replies
View Related
Apr 1, 2008
I have just restored an account to my directadmin box and it appears to have restored with the wrong owner / group.
Easy I thought, a quick 'chmod secure.secure -R *' should crack that but how wrong was I.
After running that I get the error: chown: invalid option -- o
Now - both the user and the group exist, so why won't the files change owner and group?
View 6 Replies
View Related
