CloudLinux has some handy settings to protect against symlink race conditions. Run the following commands to insert the necessary protections in /etc/sysctl.conf:
sed -zi '/fs\.enforce_symlinksifowner/!s/$/\nfs\.enforce_symlinksifowner=1/' /etc/sysctl.conf
sed -zi '/fs\.protected_symlinks_create/!s/$/\nfs\.protected_symlinks_create=1/' /etc/sysctl.conf
sed -zi '/fs\.protected_hardlinks_create/!s/$/\nfs\.protected_hardlinks_create=1/' /etc/sysctl.conf
sed -zi '/fs\.process_symlinks_by_task/!s/$/\nfs\.process_symlinks_by_task=1/' /etc/sysctl.confIf you’re running cPanel, you can add the following additional command which will ensure that Apache will deny the following of symlinks to users other than the current user. This will prevent user1 from creating a symlink to user2:
sed -zi '/fs\.symlinkown_gid/!s/$/\nfs\.symlinkown_gid=99/' /etc/sysctl.conf