Symlink Protection patchset

John Schmerold

• October 15, 2017 08:29

A recent cpanel blog post refers us to The Symlink Protection patchset is available for free for CentOS 6 & 7, even if you are not running KernelCare CloudLinux states: "On standard RPM Apache installation, Apache is usually running under GID 48. On cPanel servers, Apache is running under user nobody, GID 99" How do we know if Apache is running on GID 99 or 48?

• 

  Muhammed Fasal

  • October 15, 2017 21:15

  Hi, You need to login to your server via SSH as root user and then execute below command to know UID and GID of Apache Process: ps -o euid,egid --ppid `netstat --inet --inet6 -pln|awk '/:80 / { split($7,tmp, "/"); print tmp[1]; }'`|sort |uniq|grep -v EUID

  0
• 

  24x7server

  • October 16, 2017 07:34

  Hi, You can also check this via executing below command directly on your server. # id apache The output of this command would be like: uid=48(apache) gid=48(apache) groups=48(apache)

  0
• 

  John Schmerold

  • October 16, 2017 10:35

  OK, in my case it appears to be running as user "nobody" is that optimal? [root@cp ~]# ps -o euid,egid --ppid `netstat --inet --inet6 -pln|awk '/:80 / { split($7,tmp, "/"); print tmp[1]; }'`|sort |uniq|grep -v EUID 99 99 EUID EGID [root@cp ~]# id nobody uid=99(nobody) gid=99(nobody) groups=99(nobody) id apache does not exist

  0
• 

  cPWilliamL

  • October 16, 2017 14:46

  Hi, The internal Apache configuration will also denote this:
  # grep -E ' (user|group):' /var/cpanel/conf/apache/main group: group: nobody user: user: nobody
  This is normal. I also wouldn't recommend trying to change the Apache user, as there are certain safeguards in place to prevent abuse by the Apache user `nobody'. Thanks,

  0

Please sign in to leave a comment.