Skip to main content

cPaddon security warning with mod_lsapi

Comments

12 comments

  • cPanelMichael
    Hello, Could you open a bug report for this issue so we can take a closer look? Submit A Bug Report Thank you.
    0
  • Rodrigo Gomes
    Hello Michael! Already done: Your Request ID is: 9107765
    Thank you!
    0
  • cPanelMichael
    Hello, To update, internal case CPANEL-17481 was opened to report the issue where "cPanel >> Site Software" does not consider lsapi before displaying the following security warning: "Warning: The web server does not run scripts as the script owner. With this configuration, we must set the file permission on this application more permissively. This can result in security issues with this application on shared servers. Only use this cPAddon with this configuration if you use a dedicated server. To enable the more secure mode, contact your hosting provider and request that they install ruid2 or itk on the web server. After your administrator enables the module, they can run the /usr/local/cpanel/scripts/fix_addon_permissions script to adjust the security of any cPAddons with this security policy."
    I'll monitor this case and update this thread with more information as it becomes available. Thank you.
    0
  • jndawson
    Hello, To update, internal case CPANEL-17481 was opened to report the issue where "cPanel >> Site Software" does not consider lsapi before displaying the following security warning: [snip] I'll monitor this case and update this thread with more information as it becomes available. Thank you.

    Howdy - Any status? Also, where can we find a case list to check status ourselves? Searching the cPanel website results in nothing. thanks,
    0
  • cPanelMichael
    Hi @jndawson, We don't offer a public listing of all active bugs and their statuses at this time, however we're happy to provide more information on the status of a particular case anytime you'd like an update. Internal case CPANEL-17481 is still open at this time. There's no new information to report as of now, but I'll update this thread as soon as new information is available. Thank you.
    0
  • jndawson
    Michael, Thanks for the update. We want to roll out more Cloudlinux installs, but won't until this false warning is corrected. thanks, Jim
    0
  • ijsaul
    I'm seeing the same behavior now, 8 months later. Any pathway to resolution? Thanks.
    0
  • cPanelMichael
    Hello @ijsaul, The case is still open, and there's no time frame to provide on a solution at this time. I'll update this thread as soon as more information is available. Thank you.
    0
  • neoistone
    Warning: The web server does not run scripts as the script owner. With this configuration, we must set the file permission on this application more permissively. This can result in security issues with this application on shared servers. Only use this cPAddon with this configuration if you use a dedicated server. To enable the more secure mode, contact your hosting provider and request that they install ruid2 or itk on the web server. After your administrator enables the module, they can run the /usr/local/cpanel/scripts/fix_addon_permissions script to adjust the security of any cPAddons with this security policy. wordpress in installton
    0
  • eugenevdm.host
    How do I resolve this issue? Is there a way to tell the global web server to run scripts as the script owner?
    0
  • jndawson
    Over two years with this error. Why is it taking so long to address what is essentially a simple change?
    0
  • maverickws
    I agree. I've come across this thread long ago, and I'm reminded of it every now and then when someone tries to use the wordpress installer. It's an unpleasant experience and I strongly agree this should have been fixed by now.
    0

Please sign in to leave a comment.