Why does Security Advisor report "Apache vhosts are not segmented or chroot()ed"?

Question

Why does Security Advisor report "Apache vhosts are not segmented or chroot()ed"?

Answer

You will see this notice when your server is not configured to load user sites in a jailed environment. When a server is configured without jailed users, users may have access to data outside of their environment. The notice can be removed by following the procedure below.

Procedure

1. Check to see if mod_ruid2 is installed on your server by running the following command:

   rpm -qa|grep mod_ruid2

2. If mod_ruid2 is not installed, install it at WHM "Home / Software / EasyApache 4".
3. Navigate to "Home / Server Configuration / Tweak Settings" in WHM.
4. Click on the "Security" tab.
5. Select the "On" option next to "EXPERIMENTAL: Jail Apache Virtual Hosts using mod_ruid2 and cPanel® jailshell."
6. Click the "Save" button.
7. Navigate to "Home / Account Functions / Manage Shell Access" in WHM.
8. Deselect the "Jailed" and "Disabled" checkboxes.
9. Click the "Apply to" button under "Jailed Shell" to change the shell of accounts from Normal to Jailed.
10. Click the "OK" button in the "Are you sure?" pop-up.

Additional Resources

EasyApache 4 Interface

Tweak Settings

Manage Shell Access