To use New Relic and CloudLinux (with CageFS) together, you have to do some changes to your configuration. This post assumes that you use EasyApache 4.
Some time ago I wrote a blog post “Auto deploy New Relic apps in cPanel“, which covers steps how to make each account in cPanel their own application within New Relic. But since a lot of hosting companies use CloudLinux to increase stability and security of their system it can cause issues due to permissions.
CloudLinux will put each individual user in its own virtual environment using CageFS, this prevents users from reading big parts of the filesystem and other users processes, including things required by New Relic.
New Relic Servers / Infrastructure agent
If you use New Relic Server Monitoring or Infrastructure, you have to ensure the user that runs the agent can read the system processes, for this, you’ll have to modify your
You need to obtain the group ID of the newrelic user, this can be done using the command:
getent group newrelic
The output will be something like
newrelic:x:GroupID: – save the GroupID for later.
In your /etc/sysctl.conf you have to add following lines:
fs.proc_can_see_other_uid = 0 fs.proc_super_gid = GroupID
We put the GroupID in the above line called ‘proc_super_gid’ – it only accepts a single Group ID, so if you’re already making use of this sysctl setting, then create a group for all users that should be able to read other users processes.
When you’ve saved the file, you can apply the settings directly using
If you use CageFS from CloudLinux, you have to add the username to the file
New Relic APM
If you use New Relic APM you also have to modify your New Relic PHP agent a bit.
To install the New Relic PHP Agent in EasyApache 4 versions, you have to do something like:
NR_INSTALL_PATH=/opt/cpanel/ea-php56/root/usr/bin; export NR_INSTALL_PATH; newrelic-install NR_INSTALL_PATH=/opt/cpanel/ea-php70/root/usr/bin; export NR_INSTALL_PATH; newrelic-install NR_INSTALL_PATH=/opt/cpanel/ea-php71/root/usr/bin; export NR_INSTALL_PATH; newrelic-install
This will make New Relic PHP agent detect your new versions.
You’ll also have to add your New Relic socket to the file,
/etc/cagefs/cagefs.mp and afterwards perform the command
It should leave you with a working New Relic setup on CloudLinux servers.