suPHP and FastCGI require files and folders to have a specific set of permissions/ownership from other handlers. Without these permissions set you will see a lot of errors such as: “403 Forbidden”, “500 Internal Server Error”, or simply generic errors that commonly have the word ‘permission’ in them.
It can be very time consuming to track down and check file permissions across a whole server. Luckily, fixing this on a cPanel box can be scripted. This gives us a quick and very easy script you can wget to any cPanel server. Simply run the ‘fixperms’ script, specifying the user (or all users), sit back and watch the errors just disappear. I use this script daily in my administrative work and it never fails! It is simply a good generic fix if you cannot find your permission problem, or if you have just switched your handler and need a quick way to change every user account on the server.
Credit does not go to me though. A good buddy of mine, Colin R, wrote this for ServInt. Thanks Colin for making others’ lives easier!
WARNING!!! The following scripts are intended for suPHP or FastCGI. If you are not running either of these two handlers, be aware of how the script works and the changes it makes. The code is posted at the end of this article; please take a moment to review it. For example, when running DSO, some files/folders may need to be owned by ‘nobody’ in order to function properly (such as in certain Wordpress functions or PHP based file uploads). Running this fixperms will set everything to USER:USER. Under DSO, this is potentially not a problem for most sites, except a few core functions may not work. You can always change specific files later if any errors pop up.
Furthermore, it is highly recommended that you run a full backup of your server before running fixperms or any other script that makes changes to multiple files.
This fixperms script is intended for cPanel servers only. It is dependent on cPanel’s internal scripts and file structure. If you’re on anything else (such as Plesk), it will simply fail to run. It won’t be able to do anything.
I know that criteria sounds very specific, but those two conditions cover a large number of the reseller/multi-user hosting servers out there. And that’s really the crowd that would benefit most from an automated script such as this.
That all being said, if you are running suPHP or FastCGI, press on; for this script will work flawlessly for you and potentially save you a TON of time & hassle.
Fixperms - for one single user
To use the fixperms script, simply log into your server as root, wget the file from GutHub, then run it. Type in the cPanel username and it will run only for that particular account.
It does not matter which directory you are in when you run fixperms. You can be in the user’s home directory, the server root, etc. The script will not affect anything outside of the particular user’s folder.
Fixperms - for all of the users
If you would like fix the permissions for every user on your cPanel server, simply use the ‘-all’ option:
Verbosity of Fixperms
By default, the script runs in a ‘quiet’ mode with minimal display. However, if you’re like me, you may want to see everything that is happening. You can turn on verbosity and have the script print to the screen everything that is being changed. I find this extremely useful when fixing large accounts that have many files. You can watch the changes as a sort of ‘progress bar’ of completion. The ‘-v’ option can be used per account or with all accounts.
I understand that it can be a big security concern to simply ‘wget’ a file from a website you found, and then blindly run it on a production server. I understand your fear; I’m right there with you and would likewise be leery and very hesitant. However, I promise you that there is no malicious intent in this or anything you will ever get from my site. I have pasted the content of the file below for your examination.
So there you have it. An effective permissions fix for your cPanel account. When you run this, people will think you’re a hero! So, go forth and save your users from the evils of site errors!
Note about this article
This article is one I had written and shared with the ServInt blog as part of the ‘Tech bench’ series. You can view it on the ServInt blog here. They are using my article with my permission.
This post has been updated since it’s original publishing. Here is a list of changes:
03/21/15: Moved code to GitHub
09/17/14: Smalls tweaks in the wording for error reporting
03/30/13: Added support for Subdomains and Addon domains that have their document root outside the public_html folder, Cleaned up the output display, Removed the cPanel mail perms script because it essentially does nothing, moved fixperms.sh location to a central ‘utilities’ folder (left a 301 redirect for the old location)
01/03/13: Corrected the inconsistency between using -all and –all (when employing verbosity)
06/03/12: Updated warning verbage for DSO
05/10/12: Bug fix for file names that contain special characters
01/26/12: New feature rich script written by Colin R.