PHP might be running as a privileged group

[rscalover]

Hello,

this is what i get from phpsecinfo



Looking at value 10 that's the wheel group users in this group can use the "su -" command to get a root prompt.The error does not disappaer if u remove the user from the wheel group.That error is annoying anything i can do to make it disappaer ?.

 

[cPanelMichael]

Hello

Could you let us know which PHP handler (e.g. DSO, suPHP) is enabled on your system?

Thank you.

 

[rscalover]

Hello

Could you let us know which PHP handler (e.g. DSO, suPHP) is enabled on your system?

Thank you.

suPHP with suEXEC enabled i disabled fastcgi again because i whas getting allot of emails from csf about high resource usage.

 

[cPanelMichael]

That error is annoying anything i can do to make it disappaer ?.

You may want to post to the PHPSecInfo mailing list to report this issue to them or to have them better identify specific instances where it may not be an actual security problem.

Thank you.

 

[quizknows]

Was a user id that PHP runs as in the wheel group? If so that's not a good sign IMO, unless you were running the site under an account that you had knowingly granted that privilege to.

Also how are you accessing phpsecinfo? Under what user or document root are you calling it? I tried it under a SuPHP user with SuEXEC and I do not get the privileged GID warning.

 

[rscalover]

Was a user id that PHP runs as in the wheel group? If so that's not a good sign IMO, unless you were running the site under an account that you had knowingly granted that privilege to.

Also how are you accessing phpsecinfo? Under what user or document root are you calling it? I tried it under a SuPHP user with SuEXEC and I do not get the privileged GID warning.

I granted that permission (the wheel group thing) i call phpsecinfo like this domain.com/phpsecinfo/index.php the strange thing is the warning does not disappaer if i remove the involved user from the wheel group also i don't get a warning about the user running PHP.If it works with no warning on your end then there must be something wrong on my end i will find out i think CloudLinux (CageFS and such) have something todo with it.

I just noticed the index.php file is just an example howto call that system jeesus sorry for being ignorant about this

my suphp_log shows the correct UID and GID values

[Fri Dec 12 12:57:11 2014] [info] Executing "/home/username/public_html/phpsecinfo/index.php" as UID 504, GID 505

 

[rscalover]

Hello,

When i disable CageFs for that particular account the error disappaers




now the question is why is this happening ? i guess i need to ask cloudlinux support.

 

[rscalover]

hi,

Problem solved :D after i removed the involved user from the wheel group using the usermod command it whas still saying that user is a member of the wheel group.I scratched my head and turns out CageFs has it's own group and passwd files and you need to edit them (only group file in this case) after that you need to run as root

cagefsctl --force-update-etc username

just posting in case anybody has the same problem.

 

[cPanelMichael]

I am happy to see you were able to address the issue. Thank you for updating us with the outcome.