LSAPI_CAGEFS_NO_SUEXEC
Forum
Toggle Submenu
  1. Forums
  2. Recent
  3. Tags
Add a reply View Replies (1)
  1. Forums
  2. General
  3. General Discussion

Resolved LSAPI_CAGEFS_NO_SUEXEC

  1. John Quaglieri
    John Quaglieri
  2. Tuesday, 02 July 2019
  3.  Subscribe via email
lsapi supports some features of cagefs I don't see in use with in cloudlinux. Specifically LSAPI_CAGEFS_NO_SUEXEC which I set with env variable LSAPI_LVE_ENABLE=3

This is useful to drop privs of php running on an account on specific folders. For instance I can drop wordpress sites permissions to run as the apache user (nobody) for all folders except wp-admin and keep them with in cagefs. This allows functions in wp-admin to work easily as user's expect and add a bit more security to wordpress sites by not allowing permissions for write access unless logged in.
Rate this post:
0
Responses (1)
  1. 02.07.2019 14:07:42
  2. # 1
Sergey Khristich Accepted Answer
Sergey Khristich
Posts: 397
Joined: 20.05.2019
0
Votes
Undo
Hello John! Thank you for reaching out.
If you give the opportunity to run PHP scripts from the user Apache (nobody), then there is a high probability that your server will be subject to ddos attack. The processes that run from under the user Apache (nobody) are not placed in LVE and for them, the limits for entry processes are not considered, so these domains will be able to use all existing Apache workers, which makes it inoperative. In suexec mode, each account has its own entry processes limit, so having reached its limit, the server will continue its normal operation for the remaining accounts.
Marketing Manager
  • Page :
  • 1


There are no replies made for this post yet.
Be one of the first to reply to this post!
Guest
Submit Your Response
Upload files or images for this discussion by clicking on the upload button below. Supports gif,jpg,png,zip,rar,pdf
• Insert • Remove Upload Files (Maximum File Size: 2 MB)
Cite your Sources with a URL link to help readers verify facts or find more details.
Add Another Link
Captcha
To protect the site from bots and unauthorized scripts, we require that you enter the captcha codes below before posting your question.

General
General
  1. 529 posts
  2. 2 subcategories
CloudLinux and Control Panels
CloudLinux and Control Panels
  1. 1109 posts
  2. 5 subcategories
KernelCare
KernelCare
  1. 67 posts
  2. 1 subcategory
Imunify360
Imunify360
  1. 200 posts
  2. 1 subcategory

Stay in touch

CloudLinux Facebook Facebook 9K+ followers CloudLinux Twitter Twitter 10K+ followers CloudLinux YouTube Channel YouTube official channel CloudLinux on LinkedIn LinkedIn Follow us

Products
Success Stories
Partners
Support
About Us
privacy shield certified
aicpa soc
pci-dss
eu gdpr compliant

© All rights reserved. CloudLinux Inc.
Terms of Use | Privacy Policy | Vulnerability Reporting | Code of Ethics | Legal 

Call Sales at +1 (800) 231-7307

Email [email protected]