Search Engine: Elastic

Article ID: 129569, created on Oct 9, 2016, last review on Jul 14, 2018

  • Applies to:
  • Operations Automation 5.5


On CloudLinux installations, shared hosting user can create hard links to any file on a node. Some automatic provisioning activities performed by Odin Automation Premium involve permission and ownership adjustments on a filesystem of a shared hosting node. By making hard link to a critical system file owned by root, malicious shared hosting user could trick Odin Automation to transfer file's ownership to the user and effectively gain root access to node by modifying that file.


The issue is fixed in CentOS 7 and Cloud Linux 6. Solution for these distributions is described in the appropriate article.

For Cloud Linux 5 apply the following solution:

For NG clustered environment:

  1. Review web servers included into the web cluster and identify number of Cloud Linux 5 - based nodes
  2. Add the same number of Cloud Linux 6 based hosts to keep capacity of the cluster. Use provider's guide as a reference.
  3. Remove Cloud Linux 5 hosts from the cluster
  4. For each Cloud Linux 6 server apply resolution from the appropriate article.

NOTE: As a result of migration the symptoms of #POA-104736 will take place. Follow the corresponding KB article to have it fixed.

For NG standalone server:

The only possible solution is to switch Cloud Linux 5 to the hybrid kernel.

  1. Perform the switch to the hybrid kernel:

    # yum update rhn-setup
    # /usr/sbin/normal-to-hybrid
    # reboot 

    Ensure that loaded kernel version is 2.6.32 (instead of non-hybrid kernel 2.6.18).

  2. Add the following lines to /etc/sysctl.conf file:

    fs.protected_symlinks_create = 1
    fs.protected_hardlinks_create = 1
  3. Apply settings executing:

    # sysctl -p

5b048d9bddf8048a00aba7e0bdadef37 caea8340e2d186a540518d08602aa065 e12cea1d47a3125d335d68e6d4e15e07 5356b422f65bdad1c3e9edca5d74a1ae 2554725ed606193dd9bbce21365bed4e

Email subscription for changes to this article
Save as PDF