user nobody

[hd-sam]

I'm running a single site on a cpanel server.
I've installed litespeed with cpanel support and disabled suexec in the litespeed admin panel.

In order for everything to function properly with the current configuration (uploading, cache files, etc), I have to chown all the user's files to user/group nobody . Is this a security issue? or should we reinstall without cpanel support and setup litespeed to run as the user/group?

 

[webizen]

you should enable PHP suEXEC for shared hosting (each user has their own account uid/gid). then no need to chown.

 

[hd-sam]

Got it, but what if this is a cpanel server with only one site which has PHP suEXEC disabled?

cPanel creates everything using that account uid/gid

 

[webizen]

if you only have one account in cpanel, then it is ok to disable PHP suEXEC.

 

[hd-sam]

Right but programs that cache files, e.g. WP Super Cache, W3TC, and Timthumb for example, will then require nobody as the UID/GID to the folders/files, so that it can work.

Otherwise, it errors out

 

[webizen]

if you only have one account in cpanel, it is ok to have web server run as that uid/gid or change uid/gid to nobody.

 

[hd-sam]

Great, Thank you for your prompt help!