Correct GID for nobody in /etc/sysctl.conf CL8
We have a new CloudLinux 8 machine, it has no user accounts on it yet, it's being prepped.
There's a daily cron job that runs and it's reporting "Your CloudLinux Server has issues:"
Check fs.symlinkown_gid:
FAILED: Web-server user 'nobody' is not in protected group specified in /proc/sys/fs/symlinkown_gid. Fix the issue to provide symlink protection for apache user and as a result make your Web Server more secure.
See details: I have read the documentation about this at:
I had expected to see 99, can I assume that this has changed for CL8 and nobofy now runs as 65534?
On our CL6 machine it's set at 99.
In order to rectify this, do I update the line:
fs.symlinkown_gid = 99 in /etc/sysctl.conf
with
fs.symlinkown_gid = 65534
and then execute sysctl -p
I want to be 100% sure before I do this!
Thanks.
-
In order to rectify this, do I update the line: fs.symlinkown_gid = 99 in /etc/sysctl.conf with fs.symlinkown_gid = 65534 and then execute sysctl -p I want to be 100% sure before I do this! Thanks.
Yes, we had the same problem and that fixed it.0 -
We have a new CloudLinux 8 machine, it has no user accounts on it yet, it's being prepped. There's a daily cron job that runs and it's reporting "Your CloudLinux Server has issues:" Check fs.symlinkown_gid: FAILED: Web-server user 'nobody' is not in protected group specified in /proc/sys/fs/symlinkown_gid. Fix the issue to provide symlink protection for apache user and as a result make your Web Server more secure. See details: I have read the documentation about this at: I had expected to see 99, can I assume that this has changed for CL8 and nobofy now runs as 65534? On our CL6 machine it's set at 99. In order to rectify this, do I update the line: fs.symlinkown_gid = 99 in /etc/sysctl.conf with fs.symlinkown_gid = 65534 and then execute sysctl -p I want to be 100% sure before I do this! Thanks.
That is normal (at least on all of my CL8 boxes). 65534 is 'nobody'. And all of my symlink-related stuff is in /etc/sysctl.d/cloudlinux-linksafe.conf and /etc/sysctl.d/90-cloudlinux.conf M0 -
Yes, we had the same problem and that fixed it.
Thank you.0
Please sign in to leave a comment.
Comments
3 comments