1. Forums
  2. General
  3. General Discussion
  1. John Quaglieri
  2. Tuesday, 02 July 2019
  3.  Subscribe via email
lsapi supports some features of cagefs I don't see in use with in cloudlinux. Specifically LSAPI_CAGEFS_NO_SUEXEC which I set with env variable LSAPI_LVE_ENABLE=3

This is useful to drop privs of php running on an account on specific folders. For instance I can drop wordpress sites permissions to run as the apache user (nobody) for all folders except wp-admin and keep them with in cagefs. This allows functions in wp-admin to work easily as user's expect and add a bit more security to wordpress sites by not allowing permissions for write access unless logged in.
Rate this post:
  1. 02.07.2019 14:07:42
  2. # 1
Sergey Khristich Accepted Answer
Posts: 504
Joined: 20.05.2019
Hello John! Thank you for reaching out.
If you give the opportunity to run PHP scripts from the user Apache (nobody), then there is a high probability that your server will be subject to ddos attack. The processes that run from under the user Apache (nobody) are not placed in LVE and for them, the limits for entry processes are not considered, so these domains will be able to use all existing Apache workers, which makes it inoperative. In suexec mode, each account has its own entry processes limit, so having reached its limit, the server will continue its normal operation for the remaining accounts.
Marketing Manager
  • Page :
  • 1

There are no replies made for this post yet.
Be one of the first to reply to this post!
Submit Your Response
Upload files or images for this discussion by clicking on the upload button below. Supports gif,jpg,png,zip,rar,pdf
• Insert • Remove Upload Files (Maximum File Size: 2 MB)
To protect the site from bots and unauthorized scripts, we require that you enter the captcha codes below before posting your question.

EU e-Privacy Directive

We use cookies to ensure you get the best experience using our website and services. Read more about it in our Privacy Policy. Please agree to the use of cookies to proceed. Alternatively, you may disable cookies in your browser at any time.

You have declined cookies. This decision can be reversed.

You have allowed cookies to be placed on your computer. This decision can be reversed.