Ability to set the umask for cPanel's File Manager
Open Discussion
As a Server Administrator, I want the ability to set the umask for cPanel's File Manager, so that I have higher file system security.
- Set umask for cPanel's file manager to tighten security. Current umask is 022 which can be an issue in a shared environment.
- Umask can be set within other services (ssh, ftp, php) - just missing this functionality for the File Manager.
I like this idea 
cPanel, WebHost Manager and WHM are registered trademarks of cPanel, L.L.C. for providing its computer software that facilitates the management and configuration of Internet web servers.
I like this feature, but it depends heavily on your setup:
With suexec enabled 750 and 640 are fine for a PHP file, but what about files not executed by suexec? (images, static files, flash...)
You should have nobody (or your current apache user) as a member of the user's group, and that would also make the umasking not so useful anymore.
Without suexec or for static files, the default 755 and 644 are ok.
- What's your current setup umask?
I like this feature, but it depends heavily on your setup:
With suexec enabled 750 and 640 are fine for a PHP file, but what about files not executed by suexec? (images, static files, flash...)
You should have nobody (or your current apache user) as a member of the user's group, and that would also make the umasking not so useful anymore.
Without suexec or for static files, the default 755 and 644 are ok.
- What's your current setup umask?
Good point - but I believe it would be better to set a more strict mode on all files and let the user chmod static files, images, etc. if needed. I feel that a customer would be happier if you told them their file isn't accessible to Apache because of the default permission set, over telling them their database config file was read via an exploit within another account.
Within our cPanel templates I've adjusted the umask to 026 for ssh, ftp, and php.
Good point - but I believe it would be better to set a more strict mode on all files and let the user chmod static files, images, etc. if needed. I feel that a customer would be happier if you told them their file isn't accessible to Apache because of the default permission set, over telling them their database config file was read via an exploit within another account.
Within our cPanel templates I've adjusted the umask to 026 for ssh, ftp, and php.
Good point - but I believe it would be better to set a more strict mode on all files and let the user chmod static files, images, etc. if needed. I feel that a customer would be happier if you told them their file isn't accessible to Apache because of the default permission set, over telling them their database config file was read via an exploit within another account.
Within our cPanel templates I've adjusted the umask to 026 for ssh, ftp, and php.
Good point - but I believe it would be better to set a more strict mode on all files and let the user chmod static files, images, etc. if needed. I feel that a customer would be happier if you told them their file isn't accessible to Apache because of the default permission set, over telling them their database config file was read via an exploit within another account.
Within our cPanel templates I've adjusted the umask to 026 for ssh, ftp, and php.
Devs, please still consider this as an important feature request. Silent Ninja's points above are valid but no longer effect Apache when mod_ruid2 is enabled. Having the ability to set the defaults permissions for files/directories created with cPanel's File Manager is very important.
Devs, please still consider this as an important feature request. Silent Ninja's points above are valid but no longer effect Apache when mod_ruid2 is enabled. Having the ability to set the defaults permissions for files/directories created with cPanel's File Manager is very important.
Sounds nice, since we can manage easily.
Sounds nice, since we can manage easily.
Replies have been locked on this page!