Issue
Cron message or cldiag --all output provides the following issue:
Check fs.symlinkown_gid:
FAILED: Web-server user 'nobody' is not in protected group specified in /proc/sys/fs/symlinkown_gid. Fix the issue to provide symlink protection for apache user and as a result make your Web Server more secure.
See details: https://docs.cloudlinux.com/command-line_tools/#check-symlinkowngid
Command for disabling this cron checker: "cldiag --disable-cron-checkers check-symlinkowngid"
Environment
- CloudLinux
- Apache webserver
Solution
1. According to the output of this command:
id nobody
change the GID of processes that cannot follow symlink.
2. Edit the /etc/sysctl.conf file, add or edit the line:
fs.symlinkown_gid = XX
3. And execute:
$ sysctl -p
Cause
On standard RPM Apache installation, Apache is usually running under GID 48.
On cPanel servers, Apache is running under user nobody, GID 99.
Most likely, in this case, the fs.symlinkown_gid parameter is defined incorrectly in the /etc/sysctl.conf or not defined at all.
Comments
0 comments
Please sign in to leave a comment.