Symptoms
On CloudLinux servers, you might run into the following error message:
cldiag --check-symlinkowngid
Check fs.symlinkown_gid:
FAILED: Web-server user 'nobody' is not in protected group specified in /proc/sys/fs/symlinkown_gid. Fix the issue to provide symlink protection for apache user and as a result make your Web Server more secure.
See details: https://docs.cloudlinux.com/command-line_tools/#check-symlinkowngid
There are 1 errors found.
Description
This is caused when the GID of the "nobody" user does not match what's in the /proc/sys/fs/symlinkown_gid
file. The "nobody" user's GID must be updated in the /etc/sysctl.conf
file.
Workaround
- Access the server's command line as the 'root' user via SSH or "Terminal" in WHM.
- Run the
id
command to see the correct GID for the "nobody" user.id nobody
- Open the
/etc/sysctl.conf
file in your preferred text editor. - Add or edit the
fs.symlinkown_gid
line.fs.symlinkown_gid = $GID
Please note that "$GID" must be replaced with thegid
value returned by the previous command. - Save the changes and exit the text editor.
- Run the
sysctl
commandsysctl -p