[HOWTO] mod_ruid2

Apache 2.4.x

I already heard from smtalk that I need a beta version of mod_ruid2. I'm not sure where to find that but I believe I've got mod_ruid2 working on one system with 2.4, so I'll do some research. In the meantime if you know where to get a beta version which will work please post it.

Thanks.

Jeff
 
Hello guys. I see DA is headed in the mod_ruid direction so I'm interested to know if using mod_ruid2, allows us to avoid using php as CLI but with the extra security and without the performance tag from php as CGI ? If anyone can give me a run down on what benefits there are from using this, it would be great. Thanks!
 
We use it and notice the same speed as we have with mod_php, but the security we have with php as CGI. There of course could be future security issues with the module, and php as CGI doesn't use a module, so in that respect it could be more secure.

We set PHP as CLI and then install mod_ruid2 following this HowTo.

Jeff
 
Hi Jeff, thanks a lot for your help, as always. Hope you've been well.

You know, since I'm not really a sysadmin, I'm more of a wannabe, I'm still a bit lost with all of this. I'm trying to decide if I should try going the mod_ruid2 route or the cloudlinux route.

I read in another thread, or maybe this one, that John from DA was starting to head in the mod_ruid2 direction.

Basically I'm, looking for a solution to speed and security (I guess like everyone is).

Any suggestion between these two?
 
You can't really compare mod_ruid2 to CL. mod_ruid2 is a patch for apache which makes sure files are being executed under its own user instead of apache. This is mainly secure, speed is not really a factor, only that for example suphp would be slower.

CloudLinux also adds security to your hosting environment, through CageFS. But the main feature of cloudlinux, I would say, is the dividing of resources between users. Where normally one site can use all servers resources; using cloudlinux, users will be limited to only their fair share. On a side note, mod_ruid2 can also be used within CloudLinux.

Over the past weeks I've been spending some time looking into CloudLinux and I must say it looks really good.

One factor has room for improvement; MySQL. They have MySQL Governor in beta, where you can set hard limits and if a user hits that limit, mysql will simply not be accessible for that user. This looks very similar to how apache is getting limited:

Each LVE limits amount of entry processes (Apache processes entering into LVE) to prevent single site exhausting all apache processes. If the limit is reached -- mod_hostinglimits will not be able to place apache process into LVE, and will return error code 503 (error code we selected, so that it wouldn't interfere with any other error codes). This way very heavy site would slow down and start returning 503 errors, without affecting other users.
Click to expand...

The difference is that MySQL will be sending failures to the website, which means the website has to handle this error instead of apache returning the 503, where the visitors request won't reach the website itself.

But I think the right way to handle MySQL would be setting the limit reasonable high; and include this limit in the terms and conditions. When a customer hits that limit, apparently the website is very popular and you could offer a VPS or something. Or maybe if MySQL usage isn't really causing problems, you can just not use this feature at all.

I'm planning on using CL myself in the near future.
 
Hi guys, can you clarify the mod_ruid2 replaces mod_php?

I want to use mod_ruid2 + suexec so I can get the memory stuff working in cloudlinux.

Is this correct?

Thanks
 
Hi Jeff!

thanks for the help. Yes. We see that mod_ruid2 doesn't replace mod_php, we also see mod_php5.

And best of all, it works :) Tested it on a few sites and it shows the user from that php they posted a few pages back.

I'm finally starting to understand all this apache mod stuff :) mod_ruid2 is perfect for servers that aren't going to use cloudlinux to it's full extent, or even without it completely (ie vps, ded servers) to get that fast action but still maintain security onboard.

Thanks to all for the help and clarification. Your help was very useful.

Cheers!
 
ok, just finish to install it :)
for some reason apache is still running under apache user.
in phpinfo() page i see that mod_ruid2 is loaded, but the user that running the page is apache.
I double checked the virtualhost of my test user and it seems ok.
am i missing something?
 
SeLLeRoNe said:
Have you rewrote the httpd.confs? the phpinfo() page is under a user or in /var/www/html?

Regards
Click to expand...

I have.
the phpinfo() is under the user.

I think i know what the problem is - mod_ruid2 won't work with worker/event mpms.
so..i guess the best option is to use mod_ruid2 with prefork mpm.

now i not sure if mod_ruid2 + prefork mpm will be faster than suPHP + php as CGI + event mpm.
what do you think?
 
Dont know, never tryed this combination.

But you can disabled worker and check if the problem is that, should be easy to do.

Regards
 
BestBoard said:
I have.
the phpinfo() is under the user.
Click to expand...
Phpsysinfo shows the content of the variables which hold the startup user and group of the apache processes. Since this value is not modified by mod_ruid2 phpsysinfo displays wrong information. If it's possible I fix this behavior in the next mod_ruid2 version..

Put this in a php script to verify mod_ruid operation
PHP: 
<?php
// outputs the username that owns the running php/httpd process
// (on a system with the "id" executable in the path)
//phpinfo();
echo exec('id');
?>
 
Last edited:
You must log in or register to reply here.
Back
Top