cPaddon security warning with mod_lsapi
When a customer will install WordPress in auto installer of cPanel, he is getting the following warning:
The web server does not run scripts as the script owner. With this configuration, we must set the file permission on this application more permissively. This can result in security issues with this application on shared servers. Only use this cPAddon with this configuration if you use a dedicated server. To enable the more secure mode, contact your hosting provider and request that they install ruid2 or itk on the web server. After your administrator enables the module, they can run the /usr/local/cpanel/scripts/fix_addon_permissions script to adjust the security of any cPAddons with this security policy.
I use mod_lsapi, in Cloudlinux, which is safe and should not be seeing this warning.
I use mod_lsapi, in Cloudlinux, which is safe and should not be seeing this warning.
-
Hello, Could you open a bug report for this issue so we can take a closer look? Submit A Bug Report Thank you. 0 -
Hello Michael! Already done: Your Request ID is: 9107765
Thank you!0 -
Hello, To update, internal case CPANEL-17481 was opened to report the issue where "cPanel >> Site Software" does not consider lsapi before displaying the following security warning: "Warning: The web server does not run scripts as the script owner. With this configuration, we must set the file permission on this application more permissively. This can result in security issues with this application on shared servers. Only use this cPAddon with this configuration if you use a dedicated server. To enable the more secure mode, contact your hosting provider and request that they install ruid2 or itk on the web server. After your administrator enables the module, they can run the /usr/local/cpanel/scripts/fix_addon_permissions script to adjust the security of any cPAddons with this security policy."
I'll monitor this case and update this thread with more information as it becomes available. Thank you.0 -
Hello, To update, internal case CPANEL-17481 was opened to report the issue where "cPanel >> Site Software" does not consider lsapi before displaying the following security warning: [snip] I'll monitor this case and update this thread with more information as it becomes available. Thank you.
Howdy - Any status? Also, where can we find a case list to check status ourselves? Searching the cPanel website results in nothing. thanks,0 -
Hi @jndawson, We don't offer a public listing of all active bugs and their statuses at this time, however we're happy to provide more information on the status of a particular case anytime you'd like an update. Internal case CPANEL-17481 is still open at this time. There's no new information to report as of now, but I'll update this thread as soon as new information is available. Thank you. 0 -
Michael, Thanks for the update. We want to roll out more Cloudlinux installs, but won't until this false warning is corrected. thanks, Jim 0 -
I'm seeing the same behavior now, 8 months later. Any pathway to resolution? Thanks. 0 -
Hello @ijsaul, The case is still open, and there's no time frame to provide on a solution at this time. I'll update this thread as soon as more information is available. Thank you. 0 -
Warning: The web server does not run scripts as the script owner. With this configuration, we must set the file permission on this application more permissively. This can result in security issues with this application on shared servers. Only use this cPAddon with this configuration if you use a dedicated server. To enable the more secure mode, contact your hosting provider and request that they install ruid2 or itk on the web server. After your administrator enables the module, they can run the /usr/local/cpanel/scripts/fix_addon_permissions script to adjust the security of any cPAddons with this security policy. wordpress in installton 0 -
How do I resolve this issue? Is there a way to tell the global web server to run scripts as the script owner? 0 -
Over two years with this error. Why is it taking so long to address what is essentially a simple change? 0 -
I agree. I've come across this thread long ago, and I'm reminded of it every now and then when someone tries to use the wordpress installer. It's an unpleasant experience and I strongly agree this should have been fixed by now. 0
Please sign in to leave a comment.
Comments
12 comments