[HOWTO] mod_ruid2

Are you using somehow in mod_ruid2:

RDocumentChrRoot - Set chroot directory and the document root inside
 
I haven't but maybe we should. As I understand it, its just an replacement for a regular DocumentRoot. It would mean that DocumentRoot should be replaced with RDocumentChRoot in the templates.

As it is yet another extra chroot, you could run into problems so before rolling it out for all domains you could test it first on one or a few domains. I'm gonna see what happens.

edit: tried a bit, and I don't get it working. You need 2 parameters:

RDocumentChRoot /home/user /domains/domain.tld/public_html

(so I just made a space between user /domains)

And I get
CRITICAL ERROR ruid_setup:cap_set_proc failed
domain.tld GET / HTTP/1.1 chroot to /home/user failed

So I'll leave this for now.
 
Last edited:
daveyw, maybe worth to add in HowTo few more changes.
If customers use perl or cgi scripts need to change permissions to these files:
Code:
find /home/*/domains/*/public_html  -type f -name '*.cgi*' -exec chmod 755 {} \;
find /home/*/domains/*/public_html  -type f -name '*.pl*' -exec chmod 755 {} \;
find /home/*/domains/*/public_html  -type f -name '*.pm*' -exec chmod 755 {} \;
 
thanks but suPHP better :)
Everyone his own thing, we like mod_ruid(2) more :)

We have no problems with mod_ruid2 since we are using it, and our servers are more safe now :)

But everyone is free to take his own decision
 
opinion, but mod_ruid faster.
On a server with insufficient resources this makes sense, since running PHP as a cgi definitely uses more resources.

I'm curious if anyone has tested mod_ruid on older servers or smaller VPS servers, where PHP as cgi often has problems.

Jeff
 
Somebody knows why these errors appearing?

[Thu Nov 11 14:19:36 2010] [error] mod_ruid2 CRITICAL ERROR ruid_setup:cap_set_proc failed
[Thu Nov 11 14:19:36 2010] [error] mod_ruid2 CRITICAL ERROR ruid_uiiii:cap_set_proc failed before setuid
[Thu Nov 11 14:19:36 2010] [error] mod_ruid2 CRITICAL ERROR ruid_setup:cap_set_proc failed
[Thu Nov 11 14:19:36 2010] [error] mod_ruid2 CRITICAL ERROR ruid_uiiii:cap_set_proc failed before setuid
[Thu Nov 11 14:19:36 2010] [error] mod_ruid2 CRITICAL ERROR ruid_setup:cap_set_proc failed
[Thu Nov 11 14:19:36 2010] [error] mod_ruid2 CRITICAL ERROR ruid_uiiii:cap_set_proc failed before setuid
[Thu Nov 11 14:19:36 2010] [error] mod_ruid2 CRITICAL ERROR ruid_setup:cap_set_proc failed
[Thu Nov 11 14:19:36 2010] [error] mod_ruid2 CRITICAL ERROR ruid_uiiii:cap_set_proc failed before setuid
[Thu Nov 11 14:19:36 2010] [error] mod_ruid2 CRITICAL ERROR ruid_setup:cap_set_proc failed
[Thu Nov 11 14:19:36 2010] [error] mod_ruid2 CRITICAL ERROR ruid_uiiii:cap_set_proc failed before setuid
 
On a server with insufficient resources this makes sense, since running PHP as a cgi definitely uses more resources.

I'm curious if anyone has tested mod_ruid on older servers or smaller VPS servers, where PHP as cgi often has problems.

Jeff

tested in old server p4 and vps cpu 1gz work better then before lol :)
mod_ruid2 better then suphp

Wael
 
for some admins ruid2 is better than other solution.
some time ago i did my own tests. by my tests ruid2 faster.

iprodua, if you want you can contact me (i can speak russian ;).
 
for some admins ruid2 is better than other solution.
Some time ago i did my own tests. By my tests ruid2 faster.

Iprodua, if you want you can contact me (i can speak russian ;).

thnx...)))
 
Sounds like a very nice option, but reading a little bit it looks like it could be insecure to run a default centos kernel with this? What are the real risks involved?

Cheers!
 
Hello, I am very interested in using this mod. For safety reasons basically and for speed if that's a side effect.

But I'm a bit scared to use it. Would it be recommened in a shared server scenerio with 90 users and 300 sites for example?
 
Back
Top