You are most likely to see this notice when your server is not configured to load user sites in a jailed environment. When a server is configured without jailed users, it means that users may have access to data that lies outside of their own environment.
Correcting this behavior is a three-step process:
First, ensure that mod_ruid2 is installed in your server. There are two ways to determine this:
- From command line:
rpm -qa|grep mod_ruid2
- From WHM: Access EasyApache and search for the module noted under the Apache Modules section
Second, enable the "EXPERIMENTAL: Jail Apache Virtual Hosts using mod_ruid2 and cPanel® jailshell." in the "Tweak Settings" area of WHM.
Finally, change your users shell to "jailshell" in the "Manage Shell Access" area of WHM.
Once completed, the notice should disappear from the Security Advisor.
If you need a more robust solution, you may be interested in CageFS on CloudLinux.
Using mod_ruid2 ensures that all scripts are running as a specific user, instead of the nobody user, and is required for the Experimental feature to function.
For more information on the importance of running site scripts as the user, please refer to the following article: