We have recently introduced new protection type, called Link Traversal Protection


In very rare cases, it might break some of the CloudLinux and cPanel functionality, for example: 

# selectorctl --set-user-current=5.4 --user=user
Error : failed to create symlink /home/user/.cagefs/opt/alt/php52/link/conf to /opt/alt/php52/etc/php.d:
[Err code 13] Permission denied
Error : failed to create symlink /home/user/.cagefs/opt/alt/php53/link/conf to /opt/alt/php53/etc/php.d:
[Err code 13] Permission denied
Error : failed to create symlink /home/user/.cagefs/opt/alt/php51/link/conf to /opt/alt/php51/etc/php.d:
[Err code 13] Permission denied
Error : failed to create symlink /home/user/.cagefs/opt/alt/php56/link/conf to /opt/alt/php56/etc/php.d:
[Err code 13] Permission denied


This means that the protection is enabled, both keys fs.protected_symlinks_create and fs.protected_hardlinks_create are set to 1, but the parameters set for fs.protected_symlinks_allow_gid and fs.protected_hardlinks_allow_gid are not correct. The values shall correspond to the linksafe group ID, for example: 

# getent group linksafe
linksafe:x:993:mailman
# sysctl -a |grep allow_gid
fs.protected_hardlinks_allow_gid = 993
fs.protected_symlinks_allow_gid = 993
Was this answer helpful? 0 Users Found This Useful (4 Votes)