Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Permissions on /bin/su, /bin/mount and /usr/bin/newgrp

Discussion in 'Security' started by kwessel, Mar 9, 2012.

  1. kwessel

    kwessel Registered

    Joined:
    Mar 9, 2012
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    51
    cPanel Access Level:
    Root Administrator
    Hi,

    Running CPanel on a Centos 6 server for only a couple weeks, and pretty much from the start, RKHunter has been complaining that the permissions of /bin/su, /bin/mount and /usr/bin/newgrp don't match what the RPM DB says they should be. /bin/mount and /usr/bin/newgrp should be 4755, but the setuid bit has been removed. /bin/su should be 4755 and owned by group root, but it's 4750 and owned by group weel.

    I saw no specific mention in the forums anywhere of CPanel making these changes, but I'm suspecting it did. Is this, in fact, true? If so, any suggestions on keeping RKHunter happy while still making it secure? --propupd does nothing for this since it's a package verification failure, and these are binaries that I'd really prefer not to whitelist. Personally, I'd like to set these perms and groups back to what they were in the original RPMs, but I'm not sure what that might break.

    Any advice would be great.

    Thanks,
    Keith
     
    #1 kwessel, Mar 9, 2012
  2. Mr. Bob

    Mr. Bob Member

    Joined:
    Feb 25, 2003
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    151
    I'm seeing the same on Cent 5.8

    Should I be concerned about this? The permissions still look safe to me. 711 on locate and 4750 on su. The warnings are quite annoying though...
     
    #2 Mr. Bob, Mar 20, 2012
    Last edited: Mar 20, 2012
  3. porsuke

    porsuke Registered

    Joined:
    Mar 27, 2012
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    51
    cPanel Access Level:
    Website Owner
    I cannt change permissions to 775.
    What will I do?
     
    #3 porsuke, Mar 27, 2012
  4. sehh

    sehh Well-Known Member

    Joined:
    Feb 11, 2006
    Messages:
    579
    Likes Received:
    5
    Trophy Points:
    168
    Location:
    Europe
    Any news on this? I see the same warnings in multiple servers and I'd like to know if there is a rootkit that has affected the machines or if this is normal.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #4 sehh, Sep 23, 2012
  5. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,608
    Likes Received:
    32
    Trophy Points:
    238
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Here are my permissions on each for my machine:

    Code:
    root@host [/usr/local/cpanel]# ls -ld /bin/su
-rwsr-x--- 1 root wheel 34904 Jun 22 15:46 /bin/su*

root@host [/usr/local/cpanel]# ls -ld /bin/mount
-rwxr-xr-x 1 root root 76056 Jun 22 14:51 /bin/mount*

root@host [/usr/local/cpanel]# ls -ld /usr/bin/newgrp
-rwxr-xr-x 1 root root 36144 Dec  7  2011 /usr/bin/newgrp*

root@host [/usr/local/cpanel]# ls -ld /usr/bin/locate
-rwx--x--x 1 root slocate 35840 Aug 23  2010 /usr/bin/locate*
    I haven't changed them at any point and I am most definitely not infected or hacked. I wipe my machine (it's a test VPS) every week or so, so it's definitely a clean system.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #5 cPanelTristan, Sep 23, 2012
(You must log in or sign up to post here.)
Loading...
Similar Threads - Permissions mount newgrp
  1. Spork Schivago

    Permissions of /usr/bin/su, /usr/bin/newgrp, and /usr/bin/mount

    Spork Schivago, Jun 16, 2017, in forum: Security
    Replies:
    4
    Views:
    825
    Spork Schivago
    Jun 19, 2017
  2. Adam Giddens

    Permissions Issue with Mounted Home DIR

    Adam Giddens, Nov 9, 2017, in forum: General Discussion
    Replies:
    1
    Views:
    251
    cPanelMichael
    Nov 9, 2017
  3. Reefive Sky

    Set default permissions of a .py file to 755?

    Reefive Sky, Jul 26, 2018, in forum: General Discussion
    Replies:
    2
    Views:
    65
    cPanelMichael
    Jul 27, 2018
  4. darwin7

    zip file permissions

    darwin7, May 27, 2018, in forum: General Discussion
    Replies:
    5
    Views:
    110
    cPanelMichael
    May 29, 2018
  5. ADGau

    Create additional users with restricted access permissions?

    ADGau, Apr 25, 2018, in forum: General Discussion
    Replies:
    1
    Views:
    153
    cPanelLauren
    Apr 26, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice