Announcement

Collapse
No announcement yet.

Cant get user out of LVE

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Cant get user out of LVE

    Hi,

    I need a user to stay out completely from LVE so it can view all processes.
    Ive tried the following without success:

    -> usermod -u 55 netdata (to set a UID below 500)
    -> usermod -G wheel netdata (to add it to the "wheel" user that supposedly is out of LVE)
    -> edit /etc/pam.d/sshd and add:

    session required pam_lve.so 500 1 wheel,netdata

    The only thing that works is adding the user to the "clsupergid" like this:
    usermod -G clsupergid netdata

    But seems that there is some cloudlinux cron that pulls the user out of this group after some time.

    Ignacio

  • #2
    Hello Ignacio,
    Thank you for reaching out! The information will be useful to you in this document https://docs.cloudlinux.com/cloudlin...xcluding-users
    If you have any other questions, feel free to ask here. Thank you for contacting us.

    Comment


    • #3
      Hi Sergey,

      Thanks but I forgot to tell that Ive already tried that.
      I also tried disabling CageFS for the user:

      #echo "netdata" > /etc/cagefs/exclude/netdata
      # cagefsctl --disable netdata
      Error: user netdata does not exist
      # cagefsctl --user-status netdata
      Disabled

      Ignacio

      Comment


      • #4
        Ignacio,
        In this case, can you open a support ticket https://cloudlinux.zendesk.com/hc/en-us/requests/new so we can take a closer look at your system? You can post the ticket number here and well link this thread to it. Thanks.

        Comment


        • #5
          Thanks Sergey, here is the ticket ID: #80593

          Comment


          • #6
            Hello Ignacio,
            Thank you, our specialists will answer you on the ticket as quickly as possible.

            Comment


            • #7
              Hi,
              Did you get this fixed? Im having the same problems.

              Comment


              • #8
                Thank you for reaching out! The solution was as follows: [code type="markup"] [root@pluto ~]# cat /etc/group | grep 1000 psaadm:x:1000saadm,sw-cp-server [root@pluto ~]# sysctl -a | grep super fs.proc_super_gid = 1000 [/code] A supergroup that’s able to see all processes is psaadm. We have also checked this on our test Plesk server - config is the same. The solution will be adding user ‘netdata’ to ‘psaadm’ group. If it does not help, please create a ticket here https://cloudlinux.zendesk.com/hc/en-us/requests/new and technical experts will help you asap. If you have any other questions, feel free to ask here. Thank you for contacting us.

                Comment

                Working...
                X