Dear all,
We were forced to make the switch towards litespeed, which I hardly managed to make it running due to PAX issues. I spent a lot of time searching the web in order to find a solution, which was literally under my eyes and I barely saw it a few minutes ago.
For those in trouble installing / making programs run under ASL, where paxctl -m and paxctl -c will fail, be aware that there is a THIRD (but not mentioned) option, paxctl -C to CREATE the accordingly needed headers (I found this by running paxctl -h...!)
Ok, so now I have the security in place (I had to use softmode to install it) but the nightmare is far from being over...
On this server, there are a lot of wordpress sites that use supercache plugin set to use gzip compression (at the plugin level). Basically, this plugin saves each page of the blog as html PLUS a gzip-ed packed file of the same content.
Now, guess what:
"grsec: From x.y.z.k (public ip): denied untrusted exec (due to being in untrusted group and file in non-root-owned directory) of /home/someuser/public_html/wp-content/cache/supercache/domain.org/index.html.gz by /usr/local/lsws/bin/lshttpd.4.2.21[litespeed:24160] uid/euid:99/99 gid/egid:99/99, parent /usr/local/lsws/bin/lshttpd.4.2.21[litespeed:24157] uid/euid:0/0 gid/egid:99/99"
Please help, I am really out of ideas so your input is and will be much appreciated...
Thank you very much in advance!
Helen
Denied untrusted exec ... (litespeed nightmare)
Re: Denied untrusted exec ... (litespeed nightmare)
If everything was easy, then the world wouldn't need engineers.
Re: Denied untrusted exec ... (litespeed nightmare)
Dear hostingg,
Thank you for your answer!
The only thing I did was to:
1. read the 3-4 posts here (reported issue was under apache)
2. understood that making apache user trusted is a no go - as chown root that folder (it belongs to a certain user account).
3. wrote the initail help request here
Now, my only merit was that I restarted the system - I had softmode turned off but never restarted.
And the merits go to... ASL!
After restarting, all came back to normal, meaning the darn litespeed IS working and any domains can have the gzip created...!
This is why I came back here, to summarize and to thank again to ASL devs that even with softmode on, were able to question certain "web server" activities.
A+!
With best regards,
Helen
Thank you for your answer!
The only thing I did was to:
1. read the 3-4 posts here (reported issue was under apache)
2. understood that making apache user trusted is a no go - as chown root that folder (it belongs to a certain user account).
3. wrote the initail help request here
Now, my only merit was that I restarted the system - I had softmode turned off but never restarted.
And the merits go to... ASL!
After restarting, all came back to normal, meaning the darn litespeed IS working and any domains can have the gzip created...!
This is why I came back here, to summarize and to thank again to ASL devs that even with softmode on, were able to question certain "web server" activities.
A+!
With best regards,
Helen