Symptoms
On CloudLinux servers you might run into the following error message:
cldiag --check-symlinkowngid
Check fs.symlinkown_gid:
FAILED: Web-server user 'nobody' is not in protected group specified in /proc/sys/fs/symlinkown_gid. Fix the issue to provide symlink protection for apache user and as a result make your Web Server more secure.
See details: https://docs.cloudlinux.com/command-line_tools/#check-symlinkowngid
There are 1 errors found.
Description
This happens when the GID of the "nobody" user does not match the value in the "/proc/sys/fs/symlinkown_gid" file:
grep -Ei "\b99\b" /etc/group
cat /proc/sys/fs/symlinkown_gid
99
grep -Ei "\bnobody\b" /etc/group
nobody:x:65534:
Workaround
Update that value manually using the steps below:
1. Run the following command to see the correct GID for the "nobody" user:
id nobody
2. Edit the /etc/sysctl.conf file and add or edit the following line, replacing "XX" with the GID of nobody:
fs.symlinkown_gid = XX
3. Then execute:
sysctl -p
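The comparison behind steps 1 and 2, as an added shell example (not part of the original article or of CloudLinux tooling): it compares the GID of the group named after the web-server user with the kernel value and prints the sysctl.conf line when they differ. The function names, the optional file-path arguments and the sample data are assumptions of this example, and it assumes the group carries the user's name, as in the grep output above.

```shell
#!/bin/sh
# Added example (not CloudLinux code). Paths are parameters so the check can
# be run against copies; the defaults are the live files named in the article.

# group_gid NAME [GROUP_FILE]: print the GID of group NAME, exit 1 if absent.
group_gid() {
    awk -F: -v name="$1" '
        $1 == name { print $3; found = 1; exit }
        END { exit !found }' "${2:-/etc/group}"
}

# symlinkown_check NAME [GROUP_FILE] [GID_FILE]
#   0: kernel value already matches the group's GID
#   1: mismatch; prints the line to put in /etc/sysctl.conf (step 2)
#   2: group missing, GID not numeric, or kernel value unreadable
symlinkown_check() {
    want=$(group_gid "$1" "${2:-/etc/group}") || {
        echo "group '$1' not found" >&2; return 2; }
    case $want in ''|*[!0-9]*) echo "bad GID '$want'" >&2; return 2 ;; esac
    have=$(cat "${3:-/proc/sys/fs/symlinkown_gid}" 2>/dev/null) || {
        echo "cannot read fs.symlinkown_gid" >&2; return 2; }
    [ "$have" = "$want" ] && return 0
    echo "fs.symlinkown_gid = $want"
    return 1
}

# make_sample DIR: constructed copies reproducing the state shown above.
make_sample() {
    printf 'root:x:0:\nmail:x:12:postfix\nnobody:x:65534:\n' > "$1/group"
    echo 99 > "$1/symlinkown_gid"
}

# Demo on the constructed data; on a server, call: symlinkown_check nobody
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
symlinkown_check nobody "$demo_dir/group" "$demo_dir/symlinkown_gid" ||
    echo "status $? (1 = mismatch, line above is the fix)"
rm -rf "$demo_dir"
```

The awk lookup compares the whole group-name field, so it cannot match a longer name that merely contains "nobody".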