[HOWTO] mod_ruid2

nobaloney · Dec 17, 2010

ViAdCk said:
Sounds like a very nice option, but reading a little bit it looks like it could be insecure to run a default centos kernel with this? What are the real risks involved?

What have you seen that makes you think it could be insecure to use it with a default CentOS kernel? What have you read?

Jeff

cyberneticos · Dec 17, 2010

Got it from the readme once you download the mod:

-there are some security issues, for instance if attacker successfully exploits the httpd process, he can set effective capabilities and setuid to root. i recommend to use some security patch in kernel (grsec),
or something..

That's kinda scary, but it might be becuase I?m no expert and maybe this is normal or expected.

jml75 · Dec 19, 2010

Compatible with mod_php and mod_vhost_alias

Hi guys,

I just heard of mod_ruid2 and I find it very interesting but there isn't much information about it out there.

So do you know if mod_ruid2 is compatible with mod_php and with mod_vhost_alias?

Also hav you ever played with RDocumentChrRoot?

Thanx!

SeLLeRoNe · Dec 21, 2010

EDIT: my problem is not related to ruid but to mod_security, bad posting.

Regards

pppplus · Jan 23, 2011

Hi,

I try to install mod_ruid2, but stop. Sites are unavailables, I've message : Forbidden when I want to access to them.

I stop just after :

Code:

/etc/init.d/httpd restart

So I do not modify permissions on files.
I prefer to stop, because after changing permissions, it's difficult to come back with previous permissions.

I've an error when I run /usr/local/directadmin/dataskq d800 :

Code:

MimeTypes::readFile(): Unable to open /usr/local/directadmin/data/users/admin/domains/5go.fr.handlers for reading

for each domains

I think about another problem :
I have some files in cgi folder with permissions 755, but these files are not .cgi or .pl. (they have no extension).
So how to modify script, to not touch files with 755 permissions ?
This script :

Code:

cd /usr/local/directadmin/scripts && ./set_permissions.sh user_homes
find /home/*/domains/*/public_html -type d -print0 | xargs -0 chmod 711
find /home/*/domains/*/public_html -type f -print0 | xargs -0 chmod 644
find /home/*/domains/*/public_html -type f -name '*.cgi*' -exec chmod 755 {} \;
find /home/*/domains/*/public_html -type f -name '*.pl*' -exec chmod 755 {} \;
find /home/*/domains/*/public_html -type f -name '*.pm*' -exec chmod 755 {} \;
cd /usr/local/directadmin/data/users && for i in `ls`; do { chown -R $i:$i /home/$i/domains/*/public_html;}; done;

Thanks for your help

massive · Jan 23, 2011

I just installed mod_ruid2 on a new vps and i am trying to install joomla and i a getting the following error :

configuration.php not Writable

SeLLeRoNe · Jan 23, 2011

massive contact me on msn i can check it for you.

regards

massive · Jan 23, 2011

Thanks Andrea.
Problem solved. Wrong permissions in the parent folder.

massive · Jan 31, 2011

mpm_worker_module with mod_ruid2

Does anybode has experience with mod_ruid2 and mpm_worker_module
working together?

defomaz · Jan 31, 2011

just report
i've used mod_ruid + eaccelerrator then get trouble about user quota
user usage status on directadmin/repquota 4x bigger and not same with current user usage on his own directory /home/user/

after investigate, finnaly i found that eaccelerator cache file is also owned by user not root
so when Directadmin counting quota, eaccelerator cache also counted.

i still search solution, how to force eacellerator cache as root

thanks

snk · Feb 1, 2011

I think there is nothing wrong, this is user's files so it will be counted.
ea cache will be owner by root if you will run php from root, but this is wrong way.

Try to store ea cache to partition that not have quote

zaja · Feb 3, 2011

How to upgrade

Does anybody know how to upgrade mod_ruid2 from 0.9.1 to 0.9.3?

snk · Feb 3, 2011

look at first message

wget http://dave.t0xic.nl/tars/mod_ruid2-0.9.3.tar.bz2
tar xjf mod_ruid2-0.9.3.tar.bz2
cd mod_ruid2-0.9.3
apxs -a -i -l cap -c mod_ruid2.c

and restart httpd

SeLLeRoNe · Feb 4, 2011

how can i determinate which version is installed on my server?

mind · Feb 4, 2011

SeLLeRoNe said:
how can i determinate which version is installed on my server?

Version information is written to your httpd error log on startup.

SeLLeRoNe · Feb 4, 2011

thanks a lot

zaja · Feb 4, 2011

snk said:
look at first message

and restart httpd

Thanks, just upgraded.

defomaz · Feb 28, 2011

Hallow, have you know or use cloudlinux(www.cloudlinux.com )?
now cloudlinux support mod_ruid2, it's seem i'm the first who use cloudlinux with mod_ruid2
after submit ticket request not more than 1 week mod_ruid2 added in cloudlinux modhostinglimit

ViAdCk · Mar 2, 2011

I have activated mod_ruid2 on one server and a user is having problems with his cgi scripts. This is in the domain error log:

(13)Permission denied: exec of '/home/user/domains/domain.com/public_html/cgi-bin/count/tc.cgi' failed, referer: http://www.domain.com/
Premature end of script headers: tc.cgi, referer: http://www.domain.com/

The cgi-bin folder has 711 permissions and the cgi script 755 permissions.

Any thoughts?

daveyw · Mar 3, 2011

ViAdCk said:
(13)Permission denied: exec of '/home/user/domains/domain.com/public_html/cgi-bin/count/tc.cgi' failed, referer: http://www.domain.com/
Premature end of script headers: tc.cgi, referer: http://www.domain.com/

Before we can say whats the problem we would like to see what the first 5 lines are.

Having you this problem since you are using mod_ruid2 or not?
I can also remember something about

chmod 711 /usr/sbin/suexec

and then restart HTTPd.

[HOWTO] mod_ruid2

NoBaloney Internet Svcs - In Memoriam †

Verified User

New member

Super Moderator

Verified User

Verified User

Super Moderator

Verified User

Verified User

Verified User

Verified User

Verified User

Verified User

Super Moderator

Verified User

Super Moderator

Verified User

Verified User

Verified User

Verified User