Server suexec cmd: ea-php70 in: /var/log/secure

mariusfv

Active Member
Mar 24, 2013
35
7
133
Romania
cPanel Access Level
Root Administrator
Hi,

The log from: /var/log/secure start to show suddenly this values:


Code:
Dec 12 20:33:38 server suexec[5263]: uid: (1007/account10) gid: (1007/account10) cmd: ea-php70
Dec 12 21:05:50 server suexec[13756]: uid: (1007/account10) gid: (1007/account10) cmd: ea-php70
Dec 12 21:05:53 server suexec[13773]: uid: (1007/account10) gid: (1007/account10) cmd: ea-php70
Dec 12 21:05:55 server suexec[13880]: uid: (1007/account10) gid: (1007/account10) cmd: ea-php70
Dec 12 21:06:33 server suexec[13940]: uid: (1007/account10) gid: (1007/account10) cmd: ea-php70
Dec 12 21:10:48 server suexec[15080]: uid: (1007/account10) gid: (1007/account10) cmd: ea-php70
Dec 12 21:12:43 server suexec[15254]: uid: (1007/account10) gid: (1007/account10) cmd: ea-php70
Dec 12 21:13:01 server suexec[15284]: uid: (1007/account10) gid: (1007/account10) cmd: ea-php70
I have many accounts on that server, but only for "account10" I have this log in /var/log/secure.

In the last days I've installed & configured Cloudlinux, Kernelcare & CageFS but I choose to use PHP-FPM with Easyapache 4 and to not install PHP Selector from Cloudlinux because is not need users to choose theirs PHP handler (Cloudlinux team confirm me that PHP Selector isn't mandatory and I can continue use PHP-FPM with Easyapache 4 on cPanel).

Have anyone any idea what is about this log?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,908
2,218
463
Hello,

It's normal to see suexec entries logged to the /var/log/secure file. Are you sure this account is using the same PHP handler and PHP version as all of your other accounts? If so, feel free to open a support ticket if you'd like us to take a closer look.

Thank you.