minimum user ID value change causing cPanel login problems

[Metro2]

While going through my WHM settings recently after updating from 11.28.x to 11.30.x (Release) I noticed that in

WHM > Basic cPanel & WHM Setup > The minimum user ID value used when creating new accounts.

The field was empty, and the value was highlighted in red, suggesting that I set it to at least the default minimum user ID of 500.

So, I did just that. I marked the radio button for "500 Default " and saved the change.

At first I didn't notice any problems, but then I started receiving just a few customer reports of people receiving "Internal Server Error 500 - Could not fetch uid or gid for : root" when trying to log into their cPanel. I tested my cPanel login on one of my own accounts and sure enough, I received the same error message.

In addition, my CSF/LFD has been sending alerts regarding /usr/local/cpanel/cpsrvd-ssl and cpanelroundcube

For example, here is part of a recent email alert from root:

Suspicious process running under user cpanelroun​dcube
Time: Thu Jun 9 05:25:13 2011 -0500
PID: 8453
Account: cpanelroundcube
Uptime: 88 seconds
Executable: /usr/local/cpanel/cpsrvd-ssl (deleted)
webmaild - serving xx.xx.xxx.xx

It seems to me that WHM/cPanel have somehow maybe cached sessions for cPanel and Webmail logins based on the "minimum user ID" and the perhaps several accounts have a user ID lower than 500 even after making the change in WHM > Basic cPanel & WHM Setup > The minimum user ID value used when creating new accounts.

I wonder - am I facing some real underlying trouble here? Is this something that might resolve itself in time? Or are there further steps I need to take on my part to change the user ID numbers on the accounts I host? (and if so, how?)

I'm running RHEL 4, WHM/cPanel 11.30.0 (Build 29), PHP 5.2.17 with suPHP handler.

Thanks for reading and for any replies!

[cPanelTristan]

What are the UID and GID values for any of the cPanel accounts that have contacted you? You can find that out in /etc/passwd by grepping for the account's cPanel username:

Code:

grep username /etc/passwd

If you do find you are having issues due to this change and the user does have a UID under 500, then I might suggest opening up a ticket using WHM > Support Center > Contact cPanel or via the link in my signature for us to investigate on the machine directly.

[Metro2]

Thanks for the reply Tristan,

Using grep username /etc/passwd I have first checked the /etc/passwd file for one of my own accounts that was displaying "Internal Server Error 500 - Could not fetch uid or gid for : root" when I tried logging into the cPanel for the account, and it returned this:

mysername:x:603:598::/home/myusername:/usr/local/cpanel/bin/noshell

I'm assuming that means the user ID is either 603 or 598
STRIKE THAT - I see that means UID is 603 and GID is 598

And ironically - though I have not made any changes at all since I encountered the issue for myself - suddenly the problem is NOT occurring for that account now!

I'm now off to grep username /etc/passwd for the 3 or 4 other customer accounts who have reported the issue so far.

[Metro2]

Just checked one of the customer accounts that I was receiving the cpanelroundcube reports for, and grep username /etc/passwd returns:

username:x:579:579::/home/username:/usr/local/cpanel/bin/noshell

Makes me curious as to why doing a grep username /etc/passwd for some accounts returns what appears to be two different UID's (like in my previous post in which the uid was 603:598 ) but in other cases like this the uid "matches" (579:579).

[cPanelTristan]

They are returning the UID and the GID for the account. The user ID and the group ID are not always the same.

[Metro2]

They are returning the UID and the GID for the account. The user ID and the group ID are not always the same.

Thanks. Yes, I realized that just as I was doing this (never had to check this before, I'm a bit embarrassed now). I'm guessing that the few accounts here and there that have a different UID than GID are ones where I have specific different Feature Manager and related Package permissions.

[Metro2]

Followup - seems that restarting some services (imap, pop, exim, and cpanel itself) has done away with the "Executable: /usr/local/cpanel/cpsrvd-ssl (deleted)" error email alerts.