Permissions for each website run under different users (suexec, lsphp...) — CyberPanel - WebHosting Control Panel for OpenLiteSpeed

Permissions for each website run under different users (suexec, lsphp...)

Is there any tutorial to do that? As far as I can see, the system is currently using a single user for all websites: sslipse

[[email protected] public_html]# ls -lah
total 24K
drwxr-xr-x 3 sslipse sslipse 4.0K Mar 22 06:44 .
drwxr-xr-x 4 sslipse sslipse 4.0K Mar 22 04:13 ..
drwxr-xr-x 2 sslipse sslipse 4.0K Mar 22 04:13 .well-known
-rwxr--r-- 1 sslipse sslipse  725 Mar 22 04:14 index.html
-rw-r--r-- 1 sslipse sslipse   20 May  8  2014 info.php
-rw-r--r-- 1 sslipse sslipse  144 May 17  2016 who.php

For example: web running with user1 privileges; web running with user2 privileges.

This is to limit local attacks.


  • You are inside the public_html of a single website (all child domains under this will use this user).

    However, each website runs via its own user; you need to run

    ls -la /home

    1. Add a USER: user1
    2. Add WEBSITE for user1:
    3. Check Permission /home:
    [[email protected] ~]# ls -lah /home/
    total 28K
    drwxr-xr-x  7 root       root       4.0K Mar 22 07:15 .
    dr-xr-xr-x 20 root       root       4.0K Mar 22 04:40 ..
    drwx------  2 cyberpanel cyberpanel 4.0K Mar 22 06:42 cyberpanel
    drwxr-xr-x  4 sslipse    sslipse    4.0K Mar 22 04:13
    drwxr-xr-x  4 sslipse    sslipse    4.0K Mar 22 04:53
    drwxr-xr-x  4 sslipse    sslipse    4.0K Mar 22 07:15
    drwx------  2 vmail      vmail      4.0K Mar 22 04:02 vmail
    4. Check vHost Conf of WEBSITE
    docRoot                   $VH_ROOT/public_html
    vhDomain                  $VH_NAME
    vhAliases                 www.$VH_NAME
    adminEmails               [email protected]
    enableGzip                1
    enableIpGeo               1
    index  {
      useServer               0
      indexFiles              index.php, index.html
    }
    errorlog $VH_ROOT/logs/$VH_NAME.error_log {
      useServer               0
      logLevel                ERROR
      rollingSize             10M
    }
    accesslog $VH_ROOT/logs/$VH_NAME.access_log {
      useServer               0
      logFormat               "%v %h %l %u %t "%r" %>s %b"
      logHeaders              5
      rollingSize             10M
      keepDays                10
      compressArchive         1
    }
    scripthandler  {
      add                     lsapi:sslipse php
    }
    extprocessor sslipse {
      type                    lsapi
      address                 UDS://tmp/lshttpd/sslipse.sock
      maxConns                10
      env                     LSAPI_CHILDREN=10
      initTimeout             60
      retryTimeout            0
      persistConn             1
      pcKeepAliveTimeout      1
      respBuffer              0
      autoStart               1
      path                    /usr/local/lsws/lsphp72/bin/lsphp
      extUser                 sslipse
      extGroup                sslipse
      memSoftLimit            2047M
      memHardLimit            2047M
      procSoftLimit           400
      procHardLimit           500
    }
    context /.filemanager {
      type                    NULL
      location                /usr/local/lsws/Example/html/FileManager
      allowBrowse             1
      autoIndex               1
      accessControl  {
        allow       , localhost
      }
      addDefaultCharset       off
    }
    vhssl  {
      keyFile                 /usr/local/lsws/conf/vhosts/
      certFile                /usr/local/lsws/conf/vhosts/
      certChain               1
      sslProtocol             31
    }
    5. Check passwd
    [[email protected] ~]# cat /etc/passwd
    ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
    systemd-bus-proxy:x:999:998:systemd Bus Proxy:/:/sbin/nologin
    systemd-network:x:998:997:systemd Network Management:/:/sbin/nologin
    dbus:x:81:81:System message bus:/:/sbin/nologin
    saslauth:x:997:76:Saslauthd user:/run/saslauthd:/sbin/nologin
    rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin
    sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
    nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
    mysql:x:995:994:MySQL server:/var/lib/mysql:/sbin/nologin
    ftpuser:x:2001:2001:"pureftpd user":/bin/null:/bin/false
    pdns:x:994:993:PowerDNS user:/:/sbin/nologin
    dovecot:x:97:97:Dovecot IMAP server:/usr/libexec/dovecot:/sbin/nologin
    dovenull:x:993:992:Dovecot's unauthorized user:/usr/libexec/dovecot:/sbin/nologin

    It seems that however many users or domains I have added, their permissions are under USER sslipse

  • edited March 2018

    I understand your point of view; the problem is that the PHPSuExec user is picked from the domain name.

    Your domain name here is similar, except the number (numbers are excluded), which is why you are getting the same user every time.

    Try with something like:

  • edited March 2018

    Everything has been successful, thank you!

    But it seems that CyberPanel users will have trouble with different subdomains for plans CDN Server Static File:

    [[email protected] ~]# ls -lah /home/
    total 44K
    drwxr-xr-x 11 root       root       4.0K Mar 22 07:41 .
    dr-xr-xr-x 20 root       root       4.0K Mar 22 04:40 ..
    drwxr-xr-x  4 cdnclou    cdnclou    4.0K Mar 22 07:40
    drwxr-xr-x  4 cdnclou    cdnclou    4.0K Mar 22 07:41
    drwx------  2 cyberpanel cyberpanel 4.0K Mar 22 07:34 cyberpanel
    drwx------  2 vmail      vmail      4.0K Mar 22 04:02 vmail
    drwxr-xr-x  4 voduyco    voduyco    4.0K Mar 22 07:31
  • Will add some random characters to PHPSuExec user which should rectify this.
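
An audit for the collision discussed in this thread, added here as an example (not CyberPanel's own code): it groups vhost configs by their extUser and reports any user shared by more than one site, plus any vhost that sets no extUser at all. The <vhosts_dir>/<vhost>/vhost.conf layout, the function names, and the sample domains and users are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from pathlib import Path

# "extUser <name>" is the directive in the extprocessor block quoted above.
_EXT_USER = re.compile(r"^[ \t]*extUser[ \t]+(\S+)", re.MULTILINE)


def ext_users(conf_text):
    """Return the set of extUser values declared in one vhost config."""
    return set(_EXT_USER.findall(conf_text))


def shared_users(confs):
    """Map each extUser used by more than one vhost to those vhosts."""
    by_user = defaultdict(set)
    for vhost, text in confs.items():
        for user in ext_users(text):
            by_user[user].add(vhost)
    return {u: sorted(v) for u, v in by_user.items() if len(v) > 1}


def unisolated(confs):
    """Vhosts with no extUser: no per-site user is configured for them."""
    return sorted(v for v, text in confs.items() if not ext_users(text))


def load_confs(vhosts_dir):
    """Read <vhosts_dir>/<vhost>/vhost.conf (this layout is an assumption)."""
    return {p.parent.name: p.read_text(errors="replace")
            for p in Path(vhosts_dir).glob("*/vhost.conf")}


# Constructed sample: two sites whose names differ only by a digit share a user.
_BLOCK = "extprocessor {u} {{\n  type    lsapi\n  extUser {u}\n  extGroup {u}\n}}\n"
SAMPLE = {
    "shop1.example": _BLOCK.format(u="shopexa"),
    "shop2.example": _BLOCK.format(u="shopexa"),
    "blog.example": _BLOCK.format(u="blogexa"),
    "static.example": "docRoot $VH_ROOT/public_html\n",
}

if __name__ == "__main__":
    for user, vhosts in shared_users(SAMPLE).items():
        print(f"extUser {user} is shared by: {', '.join(vhosts)}")
    for vhost in unisolated(SAMPLE):
        print(f"{vhost}: no extUser set")
```

On a real server, pass the directory holding the per-site configs to load_confs() and feed the result to shared_users() and unisolated().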
