Symptoms
While trying to install Cloudlinux using the recommended installation method (here) you are presented with this error:
Checking for an update to cldeploy
Downloading version.dat (please wait)
cldeploy is already the latest version (1.63) - continuing
You have users in group clsudoers or clsupergid or in both groups
It can create the vulnerability on the server, because after convertation of
the server users in those groups will have permissions which are higher than of a simple user.
Please move the users to another group(s).
Description
The cldploy script has detected that the groups clsudoers and clsupergid are not empty .i.e there is at least one user that belongs to one of these groups. As a part of its installation process, the cldploy script will check to see if any of the special groups mentioned above contain any user. Here is the function responsible for these checks:
function check_that_groups_clsupergid_and_clsudoers_are_empty ()
{
local var_lve="/var/lve"
local already_passed="${var_lve}/.clsupergid_clsudoers_check_is_passed.cldeploy"
local check=0
if [[ -f "${already_passed}" ]]; then
echo "Check that groups clsupergid and clsudoers are empty is skipped, because it has been run" >> "${log}"
return 0
fi
# check that the special groups don't contain any user
echo "Check that groups clsupergid and clsudoers are empty" >> "${log}"
local result=$(getent group clsupergid | awk -F ':' '{print $4; exit}' 2>&1)
echo "Check that the group clsupergid doesn't contain any user" >> "${log}"
echo "${result}" >> "${log}"
[[ "" != "${result}" ]] && let check+=1
local result=$(getent group clsudoers | awk -F ':' '{print $4; exit}' 2>&1)
echo "Check that the group clsudoers doesn't contain any user" >> "${log}"
echo "${result}" >> "${log}"
[[ "" != "${result}" ]] && let check+=1
# check that the users with special names don't belong to special groups
echo "Check that the user clsupergid doesn't belong to the group with same name" >> "${log}"
id -ng "clsupergid" 2>/dev/null | grep -w "clsupergid" >> "${log}" && let check+=1
echo "Check that the user clsupergid doesn't belong to the group with same name" >> "${log}"
id -ng "clsudoers" 2>/dev/null | grep -w "clsudoers" >> "${log}" && let check+=1
if [[ "0" != "${check}" ]]; then
echo "You have users in group clsudoers or clsupergid or in both groups" | tee -a "${log}"
echo "It can create the vulnerability on the server, because after convertation of" | tee -a "${log}"
echo "the server users in those groups will have permissions which are higher than of a simple user." | tee -a "${log}"
echo "Please move the users to another group(s)." | tee -a "${log}"
rm -f "${lock}"
exit 1
fi
mkdir -p "${var_lve}"
chmod 755 "${var_lve}"
touch "${already_passed}"
}
These checks are necessary to do in order to make special users/software (nagios, cPanel’s mailman) work correctly if they are ever installed to the system.
Workaround
You need to identify what user already belongs to these groups and remove that user from either/both groups. First list if they have any users by running this command:
egrep 'clsudoers|clsupergid' /etc/gshadow
If you see any user listed, then that means you need to change the group of that user to something else. For that you can refer to this article:
After doing that if the installation is not already completed, then you can try to run the installer again. This time the error should disappear.
Comments
0 comments
Article is closed for comments.