Started Getting Apache vhosts are not segmented warning

Comments

3 comments

  • jazee
    ...may result in unintended consequences.

    This hits the nail on the head based on gut instinct from over 30 years of SysAdmin experience. I think I may have one account that is running a script that has some dependency or needs access to some files outside the /home/{account name} directory. Enabling the jailshell, I anticipated, would probably just create more problems than it solves. In fact, as the saying goes, "if it's not broke, don't try to fix it." That is one of THE golden rules in SysAdmin. The problem is, I don't think there's a way I can turn off the warning for just this particular high priority issue notification. I would have to turn off all emails, and I don't mind getting ones cPanel considers high priority. Time is precious and I don't have time to futz around with a test server just to test this one issue. Maybe I'll do it when I move to a new server with AlmaLinux O/S next year. Kind of pissed they are sending recommendations to implement something largely considered experimental.
  • Nathan Lyle
    The warning makes no sense as a "high" level warning.... "Apache vhosts are not segmented or chroot()ed. Enable "mod_ruid2" in the "EasyApache 4" area, enable "Jail Apache" in the "Tweak Settings" area, and change users to jailshell in the "Manage Shell Access" area. Consider a more robust solution by using "CageFS on CloudLinux". Note that this may break the ability to access mailman via Apache." My accounts have access disabled by default, with only one set to jailed; none are actually open. But WHM keeps warning me I should enable an experimental feature. Given that I have "high" level warnings set to alert to my phone, this is a very annoying repetitive issue. It comes off like an ad for CageFS.