Cant get user out of LVE

Collapse
X
Collapse
+ More Options
Posts
 
  • Time
  • Show
Clear All
new posts
  • cloudlinux
    Junior Member
    Forum Explorer
    • Mar 2021
    • 11

    #1

    Cant get user out of LVE

    Hi,

    I need a user to stay out completely from LVE so it can view all processes.
    Ive tried the following without success:

    -> usermod -u 55 netdata (to set a UID below 500)
    -> usermod -G wheel netdata (to add it to the "wheel" user that supposedly is out of LVE)
    -> edit /etc/pam.d/sshd and add:

    session required pam_lve.so 500 1 wheel,netdata

    The only thing that works is adding the user to the "clsupergid" like this:
    usermod -G clsupergid netdata

    But seems that there is some cloudlinux cron that pulls the user out of this group after some time.

    Ignacio
  • skhristich
    Senior Member
    • Nov 2019
    • 595

    #2
    Hello Ignacio,
    Thank you for reaching out! The information will be useful to you in this document https://docs.cloudlinux.com/cloudlin...xcluding-users
    If you have any other questions, feel free to ask here. Thank you for contacting us.

    Comment

    • imorandin
      Junior Member
      • Jul 2017
      • 11

      #3
      Hi Sergey,

      Thanks but I forgot to tell that Ive already tried that.
      I also tried disabling CageFS for the user:

      #echo "netdata" > /etc/cagefs/exclude/netdata
      # cagefsctl --disable netdata
      Error: user netdata does not exist
      # cagefsctl --user-status netdata
      Disabled

      Ignacio

      Comment

      • skhristich
        Senior Member
        • Nov 2019
        • 595

        #4
        Ignacio,
        In this case, can you open a support ticket https://cloudlinux.zendesk.com/hc/en-us/requests/new so we can take a closer look at your system? You can post the ticket number here and well link this thread to it. Thanks.

        Comment

        • imorandin
          Junior Member
          • Jul 2017
          • 11

          #5
          Thanks Sergey, here is the ticket ID: #80593

          Comment

          • skhristich
            Senior Member
            • Nov 2019
            • 595

            #6
            Hello Ignacio,
            Thank you, our specialists will answer you on the ticket as quickly as possible.

            Comment

            • skhristich
              Senior Member
              • Nov 2019
              • 595

              #7
              Hi,
              Did you get this fixed? Im having the same problems.

              Comment

              • skhristich
                Senior Member
                • Nov 2019
                • 595

                #8
                Thank you for reaching out! The solution was as follows: [code type="markup"] [root@pluto ~]# cat /etc/group | grep 1000 psaadm:x:1000saadm,sw-cp-server [root@pluto ~]# sysctl -a | grep super fs.proc_super_gid = 1000 [/code] A supergroup that’s able to see all processes is psaadm. We have also checked this on our test Plesk server - config is the same. The solution will be adding user ‘netdata’ to ‘psaadm’ group. If it does not help, please create a ticket here https://cloudlinux.zendesk.com/hc/en-us/requests/new and technical experts will help you asap. If you have any other questions, feel free to ask here. Thank you for contacting us.

                Comment

                Working...