The EasyApache 4 FileProtect Option
Last modified: December 23, 2020
Overview
The EasyApache FileProtect option improves the security of each user’s public_html directory. In EasyApache 4, the system enables this option by default.
Usage
Use this option to set permissions for each cPanel account user’s public_html directory and each addon domain’s document root directory. This allows only Apache and the user to view its contents.
When you enable this option, EasyApache performs the following actions:
- Creates the /var/cpanel/fileprotect file.
  Note: When you disable this option, EasyApache removes this file.
- Executes the /usr/local/cpanel/scripts/enablefileprotect script, which sets more secure permissions for each user’s /public_html directory.
- Sets the user’s /home/username/ directory to 0711 permissions.
- Sets all document root directories’ GroupID to the nobody user and 0750 permissions.
  Note: If you enable the mod_ruid2 or mod_mpm_itk Apache modules, EasyApache will set all document root directories’ GroupID to the username user.
When you disable this option, EasyApache resets the permissions to their default settings. To do this, EasyApache performs the following actions:
- Sets the user’s /home/username/ directory to 0711 permissions.
- Sets the user’s /home/username/public_html directory Group ID to the username user and 0711 permissions.
- Sets each addon domain’s document root directory to 0711 permissions.
Requirements
This option does not possess any requirements.
Compatibility
- This option works when you enable the mod_ruid2 Apache module.
- This option does not possess any known compatibility issues.
Enable or Disable FileProtect
In the interface
You can enable or disable the FileProtect option with the Enable File Protect option in the Security section of WHM’s Tweak Settings interface (WHM » Home » Server Configuration » Tweak Settings).
This option defaults to on.
On the command line
To enable the FileProtect option, run the following script:
/usr/local/cpanel/scripts/enablefileprotect
To disable the FileProtect option, run the following script:
/usr/local/cpanel/scripts/disablefileprotect
For more information about these scripts, run these scripts with the --help flag.
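The following shell functions are an added example, not part of cPanel's documentation or scripts. They check that one account's directories match the permissions this page lists for the enabled state (0711 on the home directory, 0750 and the expected group on each document root). They assume GNU stat on Linux; the function names and the account name in the usage comment are made up for illustration, and addon document root paths must be passed in explicitly.

```shell
#!/bin/sh
# Added example, not a cPanel script. Assumes GNU stat (Linux).
# Function names are hypothetical.

# fileprotect_flag_present [FLAG_FILE]
# The page says EasyApache creates this file when the option is enabled.
fileprotect_flag_present() {
    [ -e "${1:-/var/cpanel/fileprotect}" ]
}

# check_dir DIR WANT_MODE [WANT_GROUP]
# Succeeds only if DIR is a real directory (not a symlink) with exactly
# that octal mode and, when given, that group name.
check_dir() (
    dir=$1 want_mode=${2#0} want_group=${3:-}
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "FAIL $dir: missing, or not a real directory"
        exit 1
    fi
    mode=$(stat -c '%a' -- "$dir") || exit 1
    group=$(stat -c '%G' -- "$dir") || exit 1
    if [ "$mode" != "$want_mode" ]; then
        echo "FAIL $dir: mode $mode, expected $want_mode"
        exit 1
    fi
    if [ -n "$want_group" ] && [ "$group" != "$want_group" ]; then
        echo "FAIL $dir: group $group, expected $want_group"
        exit 1
    fi
    echo "OK   $dir ($mode $group)"
)

# audit_account HOME_DIR DOCROOT_GROUP [ADDON_DOCROOT...]
# DOCROOT_GROUP is "nobody", or the username under mod_ruid2/mod_mpm_itk.
# Checks every path and returns non-zero if any of them deviates.
audit_account() (
    home=$1 group=$2 rc=0
    shift 2
    check_dir "$home" 0711 || rc=1
    for docroot in "$home/public_html" "$@"; do
        check_dir "$docroot" 0750 "$group" || rc=1
    done
    exit "$rc"
)

# Usage on a server (constructed account name):
#   fileprotect_flag_present && audit_account /home/exampleuser nobody
```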