Tech, filmmaking, & thoughts.
Auto fix for file permissions and ownership
#Updates:
#01/26/2012 | New feature rich script written by Colin R.
suPHP and FastCGI require files and folders to have a specific set of permissions/ownership from other handlers. Without these permissions set you will see a lot of errors such as: “403 Forbidden”, “500 Internal Server Error”, or simply generic errors that commonly have the word ‘permission’ in them.
It can be very time consuming to track down and check file permissions across a whole server. Luckily, fixing this on a cPanel box can be scripted. This gives us a quick and very easy script you can wget to any cPanel server. Simply run the ‘fixperms’ script, specifying the user (or all users), sit back and watch the errors just disappear. I use this script daily in my administrative work and it never fails! It is simply a good generic fix if you cannot find your permission problem, or if you have just switched your handler and need a quick way to change every user account on the server.
Credit does not go to me though. A good buddy of mine, Colin R., wrote this for ServInt. Thanks Colin for making lives easier!
***WARNING!!! The following scripts are intended for suPHP or FastCGI ONLY! If you are not running either of these 2 handlers, do not run fixperms. The script will cause problems if you are running another handler such as DSO.
Furthermore, it is highly recommended that you run a full backup of your server before running fixperms or any other script that makes changes to multiple files.
This ‘fixperms’ script is intended for cPanel servers only. It is dependent on cPanel’s internal scripts and file structure. If you’re on anything else (such as Plesk), it will simply fail to run. It won’t be able to do anything.
I know that criteria sounds very specific, but those two conditions cover a large number of the reseller/multi-user hosting servers out there. And that’s really the crowd that would benefit most from an automated script such as this.
#1 – WGET Fixperms – for one single user
To use the fixperms script, simply log into your server as root, wget the file from our server, then run it. Type in the cPanel username and it will run only for that particular account.
It does not matter which directory you are in when you run fixperms. You can be in the user’s home directory, the server root, etc. The script will not affect anything outside of the particular user’s folder.
wget boomshadow.net/wp-content/uploads/2011/10/fixperms.sh sh ./fixperms.sh -a USER-NAME
#2 – Fixperms – for all of the users
If you would like fix the permissions for every user on your cPanel server, simply use the ‘–all’ option:
./fixperms.sh --all
#3 – Verbosity of Fixperms
By default, the script runs in a ‘quiet’ mode with minimal display. However, if you are like me, you may want to see everything that is happening. You can turn on verbosity and have the script print to the screen everything that is being changed. I find this extremely useful when fixing large accounts that have many files. You can watch the changes as a sort of ‘progress bar’ of completion. The ‘-v’ option can be used per account or with all accounts.
For one single account:
./fixperms.sh -v -a USER-NAME
For all accounts:
./fixperms.sh -v --all
#3 – The code itself, what’s in it?
I understand that it can be a big security concern to simply ‘wget’ a file from a website you found, and then blindly run it on a production server. I understand your fear; I’m right there with you and would likewise be leery and very hesitant. However, I promise you that there is no malicious intent in this or anything you will ever get from my site. I have pasted the content of the file below for your examination.
#! /bin/bash
#
# Date: Jan 26th 2012
# Author: Colin Roche-Dutch
# Fixperms script for ServInt
#
# Fixperms script for cPanel servers running suPHP or FastCGI
# Written for ServInt.net
# Copyright 2012 ServInt Corporation
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details. http://www.gnu.org/licenses/
# Set verbose to null
verbose=""
#Print the help text
helptext () {
tput bold
tput setaf 2
echo "Fix perms script help:"
echo "Sets file/directory permissions to match suPHP and FastCGI schemes"
echo "USAGE: fixperms [options] -a account_name"
echo "-------"
echo "Options:"
echo "-h or --help: print this screen and exit"
echo "-v: verbose output"
echo "--all: run on all cPanel accounts"
echo "--account or -a: specify a cPanel account"
tput sgr0
exit 0
}
# Main workhorse, fix perms per account passed to it
fixperms () {
#Get account from what is passed to the function
account=$1
#Check account against cPanel users file
if ! grep $account /var/cpanel/users/*
then
tput bold
tput setaf 1
echo "Invalid cPanel account"
tput sgr0
exit 0
fi
#Make sure account isn't blank
if [ -z $account ]
then
tput bold
tput setaf 1
echo "Need an account name!"
tput sgr0
helptext
#Else, start doing work
else
tput bold
tput setaf 4
echo "Fixing perms for $account:"
tput setaf 3
echo "------------------------"
tput setaf 4
echo "Fixing website files...."
tput sgr0
#Fix individual files in public_html
find /home/$account/public_html -type d -exec chmod $verbose 755 {} \;
find /home/$account/public_html -type f | xargs -r chmod $verbose 644
find /home/$account/public_html -name '*.cgi' -o -name '*.pl' | xargs -r chmod $verbose 755
chown $verbose -R $account:$account /home/$account/public_html/*
tput bold
tput setaf 4
echo "Fixing public_html...."
tput sgr0
#Fix perms of public_html itself
chown $verbose $account:nobody /home/$account/public_html
chmod $verbose 750 /home/$account/public_html
tput bold
tput setaf 4
echo "Fixing mail perms...."
tput sgr0
#Pass to cPanel's scripts to fix mail permissions
if [ -z $verbose ]
then
/scripts/mailperm --skiplocaldomains --skipmxcheck --skipserverperm $account > /dev/null
else
/scripts/mailperm --verbose --skiplocaldomains --skipmxcheck --skipserverperm $account
fi
tput bold
tput setaf 3
printf "Finished!\n\n"
tput sgr0
fi
return 0
}
#Parses all users through cPanel's users file
all () {
cd /var/cpanel/users
for user in *
do
fixperms $user
done
}
#Main function, switches options passed to it
case "$1" in
-h) helptext
;;
--help) helptext
;;
-v) verbose="-v"
case "$2" in
--all) all
;;
--account) fixperms "$3"
;;
-a) fixperms "$3"
;;
*) tput bold
tput setaf 1
echo "Invalid Option!"
helptext
;;
esac
;;
--all) all
;;
--account) fixperms "$2"
;;
-a) fixperms "$2"
;;
*)
tput bold
tput setaf 1
echo "Invalid Option!"
helptext
;;
esac
So there you have it. An effective permissions fix for your cPanel account. When you run this, people will think you’re a hero! So, go forth and save your users from the evils of site errors!
Note about this article
This article is one I had written for the ServInt blog as part of the ‘Tech bench’ series. You can view it on the ServInt blog here. Used with permission.
Related Posts:
| Print article | This entry was posted by boomshadow on October 22, 2011 at 4:03 am, and is filed under Fixes. Follow any responses to this post through RSS 2.0. You can leave a response or trackback from your own site. |
-
http://boomshadow.net Jacob (Boom Shadow)
-
http://www.jehzlau-concepts.com/ jehzlau
-
http://boomshadow.net Jacob (Boom Shadow)
-
Matthew
-
Chrisdigity
-
http://andrewjtalcott.com andrewjtalcott
-
http://boomshadow.net Jacob (Boom Shadow)
-
http://www.hostxnow.com Chris Smith
-
http://boomshadow.net Jacob (Boom Shadow)
