The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

PHP might be running as a privileged group

Discussion in 'Security' started by rscalover, Dec 11, 2014.

  1. rscalover

    rscalover Member

    Joined:
    Dec 16, 2010
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    Hello,

    this is what i get from phpsecinfo

    phperror.JPG

    Looking at value 10 that's the wheel group users in this group can use the "su -" command to get a root prompt.The error does not disappaer if u remove the user from the wheel group.That error is annoying anything i can do to make it disappaer ?.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  3. rscalover

    rscalover Member

    Joined:
    Dec 16, 2010
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    suPHP with suEXEC enabled i disabled fastcgi again because i whas getting allot of emails from csf about high resource usage.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    You may want to post to the PHPSecInfo mailing list to report this issue to them or to have them better identify specific instances where it may not be an actual security problem.

    Thank you.
     
  5. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    940
    Likes Received:
    55
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    Was a user id that PHP runs as in the wheel group? If so that's not a good sign IMO, unless you were running the site under an account that you had knowingly granted that privilege to.

    Also how are you accessing phpsecinfo? Under what user or document root are you calling it? I tried it under a SuPHP user with SuEXEC and I do not get the privileged GID warning.
     
    #5 quizknows, Dec 11, 2014
    Last edited: Dec 11, 2014
  6. rscalover

    rscalover Member

    Joined:
    Dec 16, 2010
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    I granted that permission (the wheel group thing) i call phpsecinfo like this domain.com/phpsecinfo/index.php the strange thing is the warning does not disappaer if i remove the involved user from the wheel group also i don't get a warning about the user running PHP.If it works with no warning on your end then there must be something wrong on my end i will find out i think CloudLinux (CageFS and such) have something todo with it.

    I just noticed the index.php file is just an example howto call that system jeesus sorry for being ignorant about this

    my suphp_log shows the correct UID and GID values

     
    #6 rscalover, Dec 12, 2014
    Last edited: Dec 12, 2014
  7. rscalover

    rscalover Member

    Joined:
    Dec 16, 2010
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    Hello,

    When i disable CageFs for that particular account the error disappaers

    php_error_gone.JPG


    now the question is why is this happening ? i guess i need to ask cloudlinux support.
     
  8. rscalover

    rscalover Member

    Joined:
    Dec 16, 2010
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    hi,

    Problem solved :D after i removed the involved user from the wheel group using the usermod command it whas still saying that user is a member of the wheel group.I scratched my head and turns out CageFs has it's own group and passwd files and you need to edit them (only group file in this case) after that you need to run as root

    just posting in case anybody has the same problem.
     
  9. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page