PHP might be running as a privileged group

rscalover

Well-Known Member
Dec 16, 2010
101
11
68
cPanel Access Level
Root Administrator
Hello,

This is what I get from phpsecinfo:

phperror.JPG

Looking at value 10, that's the wheel group; users in this group can use the "su -" command to get a root prompt. The error does not disappear if you remove the user from the wheel group. That error is annoying; is there anything I can do to make it disappear?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,245
463
Hello :)

Could you let us know which PHP handler (e.g. DSO, suPHP) is enabled on your system?

Thank you.
 

cPanelMichael

That error is annoying; is there anything I can do to make it disappear?
You may want to post to the PHPSecInfo mailing list to report this issue to them or to have them better identify specific instances where it may not be an actual security problem.

Thank you.
 

quizknows

Well-Known Member
Oct 20, 2009
1,008
87
78
cPanel Access Level
DataCenter Provider
Was a user id that PHP runs as in the wheel group? If so that's not a good sign IMO, unless you were running the site under an account that you had knowingly granted that privilege to.

Also how are you accessing phpsecinfo? Under what user or document root are you calling it? I tried it under a SuPHP user with SuEXEC and I do not get the privileged GID warning.
 

rscalover

Was a user id that PHP runs as in the wheel group? If so that's not a good sign IMO, unless you were running the site under an account that you had knowingly granted that privilege to.

Also how are you accessing phpsecinfo? Under what user or document root are you calling it? I tried it under a SuPHP user with SuEXEC and I do not get the privileged GID warning.
I granted that permission (the wheel group thing). I call phpsecinfo like this: domain.com/phpsecinfo/index.php. The strange thing is the warning does not disappear if I remove the involved user from the wheel group; also I don't get a warning about the user running PHP. If it works with no warning on your end then there must be something wrong on my end. I will find out; I think CloudLinux (CageFS and such) has something to do with it.

I just noticed the index.php file is just an example of how to call that system, jeez, sorry for being ignorant about this.

My suphp_log shows the correct UID and GID values:

[Fri Dec 12 12:57:11 2014] [info] Executing "/home/username/public_html/phpsecinfo/index.php" as UID 504, GID 505
 

rscalover

Hello,

When I disable CageFS for that particular account, the error disappears.

php_error_gone.JPG


Now the question is: why is this happening? I guess I need to ask CloudLinux support.
 

rscalover

Hi,

Problem solved :D After I removed the involved user from the wheel group using the usermod command, it was still saying that user is a member of the wheel group. I scratched my head, and it turns out CageFS has its own group and passwd files and you need to edit them (only the group file in this case). After that you need to run, as root:

cagefsctl --force-update-etc username

Just posting in case anybody has the same problem.
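
The mismatch described in this post, a user removed from wheel in the system group file but still listed in a second copy, can be checked for directly. The script below is an added example, not part of the original post and not a CloudLinux tool. The function names `group_members` and `stale_members` are hypothetical, the two group files are passed as arguments because the thread does not say where CageFS keeps its copy, and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): report users that a cached copy of a
# group file still lists in a privileged group after the system file changed.
export LC_ALL=C   # same collation for sort and comm

# group_members FILE GROUP: print GROUP's supplementary members, one per line.
group_members() {
    awk -F: -v g="$2" '$1 == g {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
    }' "$1" | sort -u
}

# stale_members SYSTEM_FILE CACHED_FILE GROUP: members found only in the cached copy.
stale_members() {
    sys_list=$(mktemp); cached_list=$(mktemp)
    group_members "$1" "$3" > "$sys_list"
    group_members "$2" "$3" > "$cached_list"
    comm -13 "$sys_list" "$cached_list"   # lines unique to the cached copy
    rm -f "$sys_list" "$cached_list"
}

# Constructed sample data: the system file after usermod removed "username"
# from wheel (GID 10), and a cached copy that was never refreshed.
SAMPLE=$(mktemp -d)
trap 'rm -rf "$SAMPLE"' EXIT
printf '%s\n' 'root:x:0:' 'wheel:x:10:root' 'username:x:505:' \
    > "$SAMPLE/system.group"
printf '%s\n' 'root:x:0:' 'wheel:x:10:root,username' 'username:x:505:' \
    > "$SAMPLE/cage.group"

for user in $(stale_members "$SAMPLE/system.group" "$SAMPLE/cage.group" wheel); do
    echo "stale wheel membership in cached copy: $user"
    echo "  fix the cached group file, then run as root: cagefsctl --force-update-etc $user"
done
```

On a real server, pass `/etc/group` as the first argument and the cached group file for the affected account as the second.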
 

cPanelMichael

I am happy to see you were able to address the issue. Thank you for updating us with the outcome.