LSAPI_CAGEFS_NO_SUEXEC
Forum
  1. Forums
  2. General
  3. General Discussion
  1. John Quaglieri
  2. Tuesday, 02 July 2019
  3.  Subscribe via email
lsapi supports some features of cagefs I don't see in use with in cloudlinux. Specifically LSAPI_CAGEFS_NO_SUEXEC which I set with env variable LSAPI_LVE_ENABLE=3

This is useful to drop privs of php running on an account on specific folders. For instance I can drop wordpress sites permissions to run as the apache user (nobody) for all folders except wp-admin and keep them with in cagefs. This allows functions in wp-admin to work easily as user's expect and add a bit more security to wordpress sites by not allowing permissions for write access unless logged in.
Rate this post:
  1. 02.07.2019 14:07:42
  2. # 1
Sergey Khristich Accepted Answer
Posts: 75
Joined: 20.05.2019
0
Votes
Undo
Hello John! Thank you for reaching out.
If you give the opportunity to run PHP scripts from the user Apache (nobody), then there is a high probability that your server will be subject to ddos attack. The processes that run from under the user Apache (nobody) are not placed in LVE and for them, the limits for entry processes are not considered, so these domains will be able to use all existing Apache workers, which makes it inoperative. In suexec mode, each account has its own entry processes limit, so having reached its limit, the server will continue its normal operation for the remaining accounts.
  • Page :
  • 1


There are no replies made for this post yet.
Be one of the first to reply to this post!
Guest
Submit Your Response
Upload files or images for this discussion by clicking on the upload button below. Supports gif,jpg,png,zip,rar,pdf
• Insert • Remove Upload Files (Maximum File Size: 2 MB)
Captcha
To protect the site from bots and unauthorized scripts, we require that you enter the captcha codes below before posting your question.