cPaddon security warning with mod_lsapi

Rodrigo Gomes

Well-Known Member
Apr 6, 2016
128
29
78
Brazil
cPanel Access Level
Root Administrator
When a customer will install WordPress in auto installer of cPanel, he is getting the following warning:

The web server does not run scripts as the script owner. With this configuration, we must set the file permission on this application more permissively. This can result in security issues with this application on shared servers. Only use this cPAddon with this configuration if you use a dedicated server. To enable the more secure mode, contact your hosting provider and request that they install ruid2 or itk on the web server. After your administrator enables the module, they can run the /usr/local/cpanel/scripts/fix_addon_permissions script to adjust the security of any cPAddons with this security policy.
I use mod_lsapi, in Cloudlinux, which is safe and should not be seeing this warning.
 
Last edited by a moderator:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,908
2,218
463
Hello,

To update, internal case CPANEL-17481 was opened to report the issue where "cPanel >> Site Software" does not consider lsapi before displaying the following security warning:

"Warning: The web server does not run scripts as the script owner. With this configuration, we must set the file permission on this application more permissively. This can result in security issues with this application on shared servers. Only use this cPAddon with this configuration if you use a dedicated server. To enable the more secure mode, contact your hosting provider and request that they install ruid2 or itk on the web server. After your administrator enables the module, they can run the /usr/local/cpanel/scripts/fix_addon_permissions script to adjust the security of any cPAddons with this security policy."
I'll monitor this case and update this thread with more information as it becomes available.

Thank you.
 
  • Like
Reactions: Rodrigo Gomes

jndawson

Well-Known Member
Aug 27, 2014
303
32
78
Western US
cPanel Access Level
DataCenter Provider
Hello,

To update, internal case CPANEL-17481 was opened to report the issue where "cPanel >> Site Software" does not consider lsapi before displaying the following security warning:

[snip]

I'll monitor this case and update this thread with more information as it becomes available.

Thank you.
Howdy - Any status? Also, where can we find a case list to check status ourselves? Searching the cPanel website results in nothing.

thanks,
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,908
2,218
463
Hi @jndawson,

We don't offer a public listing of all active bugs and their statuses at this time, however we're happy to provide more information on the status of a particular case anytime you'd like an update.

Internal case CPANEL-17481 is still open at this time. There's no new information to report as of now, but I'll update this thread as soon as new information is available.

Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,908
2,218
463
Hello @ijsaul,

The case is still open, and there's no time frame to provide on a solution at this time. I'll update this thread as soon as more information is available.

Thank you.
 

neoistone

Member
Aug 25, 2019
5
0
1
INDIA
cPanel Access Level
DataCenter Provider
Warning: The web server does not run scripts as the script owner. With this configuration, we must set the file permission on this application more permissively. This can result in security issues with this application on shared servers. Only use this cPAddon with this configuration if you use a dedicated server. To enable the more secure mode, contact your hosting provider and request that they install ruid2 or itk on the web server. After your administrator enables the module, they can run the /usr/local/cpanel/scripts/fix_addon_permissions script to adjust the security of any cPAddons with this security policy.

wordpress in installton
 

maverickws

Member
Dec 13, 2017
10
2
3
Lisbon
cPanel Access Level
Root Administrator
I agree. I've come across this thread long ago, and I'm reminded of it every now and then when someone tries to use the wordpress installer. It's an unpleasant experience and I strongly agree this should have been fixed by now.
 
  • Like
Reactions: jndawson