What does "Error : failed to create symlink (13)Permission denied" mean

We have recently introduced new protection type, called Link Traversal Protection


In very rare cases, it might break some of the CloudLinux and cPanel functionality, for example: 

# selectorctl --set-user-current=5.4 --user=user
Error : failed to create symlink /home/user/.cagefs/opt/alt/php52/link/conf to /opt/alt/php52/etc/php.d:
[Err code 13] Permission denied
Error : failed to create symlink /home/user/.cagefs/opt/alt/php53/link/conf to /opt/alt/php53/etc/php.d:
[Err code 13] Permission denied
Error : failed to create symlink /home/user/.cagefs/opt/alt/php51/link/conf to /opt/alt/php51/etc/php.d:
[Err code 13] Permission denied
Error : failed to create symlink /home/user/.cagefs/opt/alt/php56/link/conf to /opt/alt/php56/etc/php.d:
[Err code 13] Permission denied


This means that the protection is enabled, both keys fs.protected_symlinks_create and fs.protected_hardlinks_create are set to 1, but the parameters set for fs.protected_symlinks_allow_gid and fs.protected_hardlinks_allow_gid are not correct. The values shall correspond to the linksafe group ID, for example: 

# getent group linksafe
linksafe:x:993:mailman
# sysctl -a |grep allow_gid
fs.protected_hardlinks_allow_gid = 993
fs.protected_symlinks_allow_gid = 993
Was this answer helpful? 0 Users Found This Useful (3 Votes)