SOLVED Correct GID for nobody in /etc/sysctl.conf CL8

bloatedstoat

We have a new CloudLinux 8 machine, it has no user accounts on it yet, it's being prepped.

There's a daily cron job that runs and it's reporting "Your CloudLinux Server has issues:"

Check fs.symlinkown_gid:
FAILED: Web-server user 'nobody' is not in protected group specified in /proc/sys/fs/symlinkown_gid. Fix the issue to provide symlink protection for apache user and as a result make your Web Server more secure.
See details: Command-line tools (CLI)
Command for disabling this cron checker: "cldiag --disable-cron-checkers check-symlinkowngid"

I have read the documentation about this at:

On this CL8 server when I run the command "id nobody" the output is uid=65534(nobody) gid=65534(nobody) groups=65534(nobody);
I had expected to see 99, can I assume that this has changed for CL8 and nobody now runs as 65534?

On our CL6 machine it's set at 99.

In order to rectify this, do I update the line:

fs.symlinkown_gid = 99 in /etc/sysctl.conf

with

fs.symlinkown_gid = 65534

and then execute sysctl -p

I want to be 100% sure before I do this!

Thanks.

quietFinn

bloatedstoat said:

In order to rectify this, do I update the line:

fs.symlinkown_gid = 99 in /etc/sysctl.conf

with

fs.symlinkown_gid = 65534

and then execute sysctl -p

I want to be 100% sure before I do this!

Thanks.

Yes, we had the same problem and that fixed it.

mtindor

bloatedstoat said:

We have a new CloudLinux 8 machine, it has no user accounts on it yet, it's being prepped.

There's a daily cron job that runs and it's reporting "Your CloudLinux Server has issues:"

Check fs.symlinkown_gid:
FAILED: Web-server user 'nobody' is not in protected group specified in /proc/sys/fs/symlinkown_gid. Fix the issue to provide symlink protection for apache user and as a result make your Web Server more secure.
See details: Command-line tools (CLI)
Command for disabling this cron checker: "cldiag --disable-cron-checkers check-symlinkowngid"

I have read the documentation about this at:

On this CL8 server when I run the command "id nobody" the output is uid=65534(nobody) gid=65534(nobody) groups=65534(nobody);
I had expected to see 99, can I assume that this has changed for CL8 and nobody now runs as 65534?

On our CL6 machine it's set at 99.

In order to rectify this, do I update the line:

fs.symlinkown_gid = 99 in /etc/sysctl.conf

with

fs.symlinkown_gid = 65534

and then execute sysctl -p

I want to be 100% sure before I do this!

Thanks.

That is normal (at least on all of my CL8 boxes). 65534 is 'nobody'.

And all of my symlink-related stuff is in /etc/sysctl.d/cloudlinux-linksafe.conf and /etc/sysctl.d/90-cloudlinux.conf

M
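The check discussed in this thread, as an added example that is not part of the original posts and is not CloudLinux's own tooling: it compares the running fs.symlinkown_gid with the groups of the web-server user and lists every persisted fs.symlinkown_gid line, in /etc/sysctl.conf and /etc/sysctl.d/*.conf, that still names a GID the user is not in. The function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not CloudLinux code); function names are hypothetical.

# Print "file: gid" for each active fs.symlinkown_gid line in the given files.
symlinkown_settings() {
    local f v
    for f in "$@"; do
        [ -r "$f" ] || continue
        sed -n 's/^[[:space:]]*fs\.symlinkown_gid[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$f" |
            while read -r v; do echo "$f: $v"; done
    done
}

# Succeed if GID $1 is in the space-separated list $2 (format of `id -G user`).
gid_in_groups() {
    local g
    for g in $2; do
        [ "$g" = "$1" ] && return 0
    done
    return 1
}

# Print the settings whose GID is not one of the groups in $1.
# Returns 1 if any such stale setting exists, 0 otherwise.
stale_settings() {
    local groups="$1" line rc=0
    shift
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        gid_in_groups "${line##*: }" "$groups" || { echo "$line"; rc=1; }
    done <<EOF
$(symlinkown_settings "$@")
EOF
    return "$rc"
}

# Live check: running kernel value first, then every persisted value.
user=nobody
proc=/proc/sys/fs/symlinkown_gid   # the path named in the cldiag message
if user_groups=$(id -G "$user" 2>/dev/null) && [ -r "$proc" ]; then
    gid_in_groups "$(cat "$proc")" "$user_groups" \
        && echo "running value OK for $user" \
        || echo "running value $(cat "$proc") not in groups of $user: $user_groups"
    stale_settings "$user_groups" /etc/sysctl.conf /etc/sysctl.d/*.conf \
        || echo "the files listed above still carry a GID $user is not in"
fi
```

`sysctl -p` with no file argument reloads only /etc/sysctl.conf, so a stale value reported in a /etc/sysctl.d file needs `sysctl --system` (or a reboot) to be re-read after it is corrected.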