Ok, we recently upgraded our servers to mod_ruid as a few clients had issues with some wordpress plug-ins. Mod_ruid2 solved these issues, sorted.

However, I know theres discussions about whether mod_ruid is an improvement or a hinder to security.

1. Like php-cgi, you don't need to chmod 777 files & directories, while this is more easier on a client perspective, it can be a hinder to the fact that any directory can be written to by default (maybe by an attack from within a vulnerable script);

2. Using mod_ruid2 with mod_security(2) does help (somewhat) with things mentioned in 1.

My main question is the fact that directories and files can be written to without doing anything - granted, nothing is 100% hack proof, but I'd like other admin's views on this.


On another note, can anyone suggest a reason for this outcome I'm having after upgrading to ruid2? Thanks