Auto fix for file permissions and ownership

October 22, 2011 — 85 Comments


Updated: 03/21/15 – I’ve moved the script to GitHub! Hooray! See it here:
https://github.com/PeachFlame/cPanel-fixperms


suPHP and FastCGI require files and folders to have a specific set of permissions/ownership from other handlers. Without these permissions set you will see a lot of errors such as: “403 Forbidden”, “500 Internal Server Error”, or simply generic errors that commonly have the word ‘permission’ in them.

It can be very time consuming to track down and check file permissions across a whole server. Luckily, fixing this on a cPanel box can be scripted. This gives us a quick and very easy script you can wget to any cPanel server. Simply run the ‘fixperms’ script, specifying the user (or all users), sit back and watch the errors just disappear. I use this script daily in my administrative work and it never fails! It is simply a good generic fix if you cannot find your permission problem, or if you have just switched your handler and need a quick way to change every user account on the server.

Credit does not go to me though. A good buddy of mine, Colin R., wrote this for ServInt. Thanks Colin for making lives easier!

***WARNING!!! The following scripts are intended for suPHP or FastCGI. If you are not running either of these two handlers, be aware of how the script works and the changes it makes. The code is posted at the end of this article; please take a moment to review it. For example, when running DSO, some files/folders may need to be owned by ‘nobody’ in order to function properly (such as in certain WordPress functions or PHP based file uploads). Running this fixperms will set everything to USER:USER. Under DSO, this is potentially not a problem for most sites, except a few core functions may not work. You can always change specific files later if any errors pop up.

Furthermore, it is highly recommended that you run a full backup of your server before running fixperms or any other script that makes changes to multiple files.

This ‘fixperms’ script is intended for cPanel servers only. It is dependent on cPanel’s internal scripts and file structure. If you’re on anything else (such as Plesk), it will simply fail to run. It won’t be able to do anything.

I know that criteria sounds very specific, but those two conditions cover a large number of the reseller/multi-user hosting servers out there. And that’s really the crowd that would benefit most from an automated script such as this.

That all being said, if you are running suPHP or FastCGI, press on; for this script will work flawlessly for you and potentially save you a TON of time & hassle.

Fixperms – for one single user

To use the fixperms script, simply log into your server as root, wget the file from GutHub, then run it. Type in the cPanel username and it will run only for that particular account.

It does not matter which directory you are in when you run fixperms. You can be in the user’s home directory, the server root, etc. The script will not affect anything outside of the particular user’s folder.

Fixperms – for all of the users

If you would like fix the permissions for every user on your cPanel server, simply use the ‘-all’ option:

Verbosity of Fixperms

By default, the script runs in a ‘quiet’ mode with minimal display. However, if you’re like me, you may want to see everything that is happening. You can turn on verbosity and have the script print to the screen everything that is being changed. I find this extremely useful when fixing large accounts that have many files. You can watch the changes as a sort of ‘progress bar’ of completion. The ‘-v’ option can be used per account or with all accounts.

For one single account:

For all accounts:

The code itself, what’s in it?

*Update: I’ve moved the script to GitHub. Now you can more easily see what’s in the code, I can better track updates, and you can make changes yourself. Hooray! See it here:

https://github.com/PeachFlame/cPanel-fixperms

I understand that it can be a big security concern to simply ‘wget’ a file from a website you found, and then blindly run it on a production server. I understand your fear; I’m right there with you and would likewise be leery and very hesitant. However, I promise you that there is no malicious intent in this or anything you will ever get from my site. I have pasted the content of the file below for your examination.

So there you have it. An effective permissions fix for your cPanel account. When you run this, people will think you’re a hero! So, go forth and save your users from the evils of site errors!

Note about this article

This article is one I had written for the ServInt blog as part of the ‘Tech bench’ series. You can view it on the ServInt blog here. They are using my article with my permission.

Change Log:

  • 03/21/15 | Moved code to GitHub
  • 09/17/14 | Smalls tweaks in the wording for error reporting
  • 03/30/13 | Added support for Subdomains and Addon domains that have their document root outside the public_html folder, Cleaned up the output display, Removed the cPanel mail perms script because it essentially does nothing, moved fixperms.sh location to a central ‘utilities’ folder (left a 301 redirect for the old location)
  • 01/03/13 | Corrected the inconsistency between using -all and –all (when employing verbosity)
  • 06/03/12 | Updated warning verbage for DSO
  • 05/10/12 | Bug fix for file names that contain special characters
  • 01/26/12 | New feature rich script written by Colin R.

Jacob "Boom Shadow" Tirey

Posts Twitter

A linux web hosting administrator, a professional production sound man, and a renegade cop without nothing left to lose.... Ok, that last part is made up. In all seriousness, my passion in life is to help people; whether that be with help running their sites or with their productions. The name 'Boom Shadow' was given to me by a great group of filmmakers called Star Wipe Films. back in 2005 and has been with me since. I hope my site is helpful to you, and if there's something you need, drop me a line!
  • Michael Brunner

    I get always the following error, when I use the option -all:

    chown: invalid user: `system.system’

    There exists a /var/cpanel/users/system file, but this is not a real user.

    Is it possible to exclude this user?

  • Leon Beilis

    awesome script thank you very much

  • Arash Ohadi

    it really help me .I got 0000 permition on my “wp-content” suddenly (i dont know why !)and my wordpress site goes down. even with root access chmod command not working but with ur script my problem solve;THANK YOU

  • Patrick

    worked like a charm… thanks

  • Ahmed Anssaien

    Is it possible to undo the changes?

    • There is no automatic method for undoing the changes. If you look at the code, it runs “chmod” and “chown” commands. You’d have to manually ‘chmod’ & ‘chown’ back the files you want.

      To ‘undo’ would require creating a log of files/dirs that were changed and what they do. Then the script would have to be able to load that file later to know how to rerun.
      If you wanted to submit a pull request to make the script do that, please feel free!

  • It’s work great for /home directory. But how to run this script for those accounts which moved in disk 2 which mounted as /home2 directory?

  • it works very well to solve my permission issues, Thank You!

  • This worked for me ..thanks Jacob !

  • Nick Galanti

    Can I tell you how much I appreciate this! You saved me so much headache and drama.

  • devcent

    Thank you so much Jacob, I been fixing the permission of my website whole day without luck and your script fixed it in just 2 sec. Btw is there any way to run the script after the creation of subdomain?

  • Its work great, but still have 1 issue, like my existed accounts are in /home2 so i have to edit the “fixperms .sh” files to fix the permissions.

    BTW its a great tools help me to fix all files permission easily..

    • It’s funny you should mention that. Will Ashworth just submitted his pull request to add that functionality to the script. So, now it’ll run fixperms for home directories that is different places such as: /home2, /home3, etc…

      Try out the newest version and let us know if you see any problems still 🙂

  • NOS

    Thank you! Thank you! I was paranoid and was not gonna give it a try until I saw the source code on this page and how simple it was to go through and make sure nothing fishy!

    • I certainly share your concerns when I see blog posts the tell me to wget a file. I’m so glad you posted that. It got me thinking that I really should migrate this to GitHub. So, that has been done. Thanks for the comment!

  • Johan Magnus ’94

    yo this was insanely helpful…thanks

  • Andrés Mauricio

    Worked like a charm. Thank you very much.

  • Stergios

    Great script, thank you!

  • MassimoDIfa

    Hey thank you very much Jacob!

  • safiweb

    Thank you for the script, worked smoothly and my server permission issues were solved within a minute.

  • Alex Emile

    Thanks, this really helped after another tech done a dodgy chown

    • I’ve had that happen a number of times, many of them caused by me sometime. Heh heh. It’s a good ‘save my butt’ script.

  • Émerson Felinto

    I am Brazilian, congratulations, helped me a lot with your script, thank you, very good, very good!
    Translation by Google
    ———————————————————————————————————–
    Sou brasileiro, parabéns, me ajudou muito com seu script, obrigado, muito bom, muito bom mesmo!

  • Fawzi Breidi

    does this include directadmin support?

  • Eco pixel

    This is such a great tool

  • Tiago

    Many thanks for this script, very nicely done. However I every time I try to run it as a cron I get many outputs of “tput: No value for $TERM and no -T specified”, any idea why that happens?

  • This sounds really useful. Would you have a DSO version of the script?

    • Sorry for the incredibly late reply. I don’t have a DSO version specifically. It will still run for DSO, just know that any scripts that need to write to file won’t be able to anymore. The best example of this is WordPress image uploads. After running ‘fixperms’, you’ll have to go back and manually change the WordPress uploads folder to be owned by ‘nobody’.

  • Just a quick message to appreciate what you’re doing here. A life saver of a script. THANKS!

  • Pingback: Thoughts++ | 4 oh 3 oh no – What was with all of those pesky 403 errors.()

  • Shirleyson

    WOW, This Really saved my life and alot of time! thank you very much

  • Pingback: DSO (mod_php) vs. CGI vs. suPHP vs. FastCGI | VSERVER Tutorial()

  • Really awesome script!! Thank you!! Just ran in on a few accounts. Works perfectly!

  • Wow! I wish I had found this earlier…though I didn’t know it was my problem.

    In case this comment gets picked up by other search engines my problem was on CentOS with a Mercurial repository the folder and all the .php files were not accessible and caused 403 error. I corrected the 403 error via cPanel to first mark the repository folder as Index list able by removing the No Indexing setting in the Index Manager, and then saving it back with No Indexing…probably changed some permissions on the folder at that point. However now all the .php files would not display (though the html files would). Then I ran your script and that fixed the problem. I may not have needed to do the little song and dance with the No Indexing maneuver, but I did that before I found your script.

    I too would be happy to buy you a beer! Thanks a bunch for the code and the explanations

    • I’m so glad to help! What you describe is what I would see people experience all the time. I’ve been there. It’s annoying. Now, just run a quick script and all is good! I’m glad you find it useful!

  • Karthik

    Wonderful script, we use this for all our Linux server regularly.

  • hardcoreware

    Thanks so much for this script, and your thorough explanation on handlers. After constantly fighting with file permissions trying to run various scripts, I finally decided it was time to switch from dso. I’m glad I came across your site!

    If you are into bitcoin post an address, you have a tip coming your way if so!

    • Thanks! I haven’t got into bitcoin yet; it’s on “to try out” list. I appreciate it though 🙂 I’m glad I could be of help to you.

  • David Martin

    If you come to New Orleans I owe you may beers! Thank you!!!

  • Alexandru G.

    Thanks alot, very good script mate!

  • this has been very useful, thank you.
    moving to apache 2.4 on cpanel and of course mod_ruid has mutex issues so have to move to fcgi. this helps a LOT.

  • Vincent

    Thank you for an awesome script! I really appreciate it! 🙂
    QQ – Is there any way to save the result/output to a Text file for later perusal?

    • Hmmmm… Good question. You could run the command and send the output to a log file using ‘tee’. Your command would look like this:
      fixperms -v -a USERNAME | tee /var/log/fixperms.log

      I’ll look into if that’s something that should be built into the script itself as an optional flag. Not sure how many people might want to review the changes, but that’s a simple enough addition. Thanks for the question!

  • Mustafa A

    Thanks for the script! much appreciated..

  • Guest

    Thanks! I really appreciate the efforts 🙂

  • Mailing

    This is my second time here 🙂 Thanks again!

  • You rock! Thanks! Biiiigg help!

  • Steini

    You saved me so much time, you should get a medal for this script. Running this through 100 or so sites is wayyyy better then

    /scripts/whoowns site.comjohndoecd /home/johndoechown -R johndoe:johndoe *chmod +755 public_html

    Instead just sh ./fixperms.sh -all 

    Sit back and relax and chill :).. AGAIN! Killer SCRIPT

    •  Thanks for the compliment! I used to have to run a similar function, but I also hated having to do that for multiple accounts. I’m glad I could help make your life easier!

      • This script is just standard in my setup now, when i set a new server up harden it on the task list is “wget the fixperms script” and you can google “fixperms” and you pop right up. Never take the script away! I am right now using it because i am transferring accounts from ispCP to cPanel so the user permission is messed up in the file when it arrives and it’s just good to be able to do that and restore the right permission so i can work with it on the FTP :)… 

        •  I’m happy to hear it! I promise this script isn’t gong anywhere. I use it too much everyday myself. 🙂

  • Iuli_basu

    Thank you sir! You just save me for half-day work. Works perfectly!

  • Kensai

    Thanks, this script saved me suite some time on my cpanel changing permissions

  • Gordonrankin82

    I’m getting operation not permitted when trying to chown, I am logged in as root

    •  @fe5d877fe8494f8bd3ad582689560407:disqus , that’s odd. I’d be happy to take a closer look. Mind posting the command that you’re running?

  • Abd Samad

    thanks for your script

  • Mailing

    Very useful, I screwed up the perms on a folder and couldn’t work out how to fix it. Your script sorted it in about 4 seconds. Thanks!

  • Amazing. This just saved me a lot of time! 🙂 

  • Simplybe

    script is a great time saver but i have encountered problems with directories that are more than a few directories deep such as joomla sites. it sets all the files to 000 ?

    •  @87c2be78b87d2eb2c8698180762f29dc:disqus , sorry for the late reply. I got around to testing this out for you. I installed multiple instances of Joomla, nesting them inside each other:  domain.com/joomla1/joomla2/joomla3/joomla4/joomla5/. Then intentionally screwed up the permissions of every single file: chmod -R 222  ~/public_html/. Then I ran the fix perms script.

      It successfully corrected all the file permissions all the way down to sub-directories of the 5th Joomla install. Did you have a special setup for your install? Are you able to give any more info about the problem?

  • Ben F

    Thanks for the script.  Fixed all the permmissions i screwed up before enabling suPHP .. thanks

    • @fdde00518dd2cb0cf2b86c3b7d719db6:disqus, glad to help 🙂 Its a good script to run as a general fix.

  • Pingback: 4 oh 3 oh no – What was with all of those pesky 403 errors. | Thoughts++()

  • drhoo

    Hi,

    I’m going to switch to suPHP, but rather than running your script, I want to test first which site are likely to have permission or ownership problems. What command would you use?

    Thanks

    • @d0d8e2f289f3def6ac4909ea92257b0d:disqus, Its hard to say for sure what sites will have errors. It depends on the software and coding used to run your site. WordPress and other CMS’s looking to take advantage of features such as file uploads will fail if the permissions/ownership is not correct. In my experience, most database driven sites will be affected; not because they use MySQL, but simply because they tend to use features and do things that will error if the permissions/ownership are not exactly correct.

  • Hi, 

    Great script, there is a bug tho: if the directory name or filename has caps in it (one or all caps) it gives an error it can find the file. Also same with special chars like [] or accents.

    I don’t know how to fix it tho, just let you know.

    Regards

    •  Thanks for pointing that out. I was having trouble, myself, narrowing down the exact problem. However, it has been fixed now. It was an issue with Xargs uses spaces as delimiters.

  • ethicalmohit

    I am Getting  Message -bash: ./fixperms.sh: Permission denied

    • Make sure you are logged as root or at least that you ‘su’ to a root user.

  •  @jehzlau:disqus , It is true that you can run a quick CHMOD, however, you have to be careful when running that one you posted. If you run that in any directory outside your document root (public_html), it will break things. For instance, above your public_html directory, there is the user mail folder, the user etc folder, and more. Those files need specific permissions. So be sure you are in your public_html directory before running that. Also, CGI and Perl scripts can’t have perms of 644, or else they can’t execute properly. They need to be set to 755.

    The script in my article does so much more. It can safely be run from ANY directory without risk of breaking things. It will set CGI and Perl files to 755. It also does a CHOWN to fix ownership of files/folders. And finally it will also run a cPanel mail perms fix so that all mail user’s boxes are good to go. Its a general good fix to run.

    • Ooohh.. nice.. Thanks for the clarification about the script. 😀

    • devcent

      Lol. If that so easy why theres so many folks here. 😀 . You can only run those codes inside your public directory or sub domain folder otherwise your totally screwed…

      It happens to me 😀 thats why im also here.

  • @fa3c1fcaf834a39b95f146aa863c8bba:disqus  , I just double checked the commands, they all worked for me. Where did you have the permission problem, on the WGET or actually executing the command? If it was with executing the command, make sure that you are logged in as or sudo’d to ‘root’.

  • Matthew

    I get permission denied… wierd

    •  @fa3c1fcaf834a39b95f146aa863c8bba:disqus , sorry for the delay. I had actually forgotten to reply to you here. The script actually needed to be called using ‘sh’ before the script name. I updated the instructions after your post, but forgot to reply. Sorry about that 🙂

  • Chrisdigity

    OMG… Thanks so much your script is AWESOME

    Saved my website 😀

    THANX

  • I have never used command line scripting to work on a server, can I run this from whm or cpanel?  If not what do I need to get started?

  • As mentioned at http://www.webhostingtalk.com/showthread.php?t=1087839 – Great script ! It sure will save users a lot of time. +1

    • Glad you like it. Hope others find it helpful. I generally use it on a near daily basis.

      • Chris

         I’m a daily user as well 🙂  Well..  at least now — fixed a WP install in 2 seconds…

        • Thats where I get the most usage too. I’ll see a lot of wacky permissions on folder for different plugins and somewhere those perms can really screw things up on the site. Running a quick script to reset everything back to normality is far easier. Glad you like it!