soulshepard
Verified User
- Joined
- Feb 7, 2008
- Messages
- 134
Hello all,
I am testing the custom build 2.0 setups and I get a bit lost with the choices to make:
In the previous custom build I would use PHP 5.3, manually install mod_ruid2 + suhosin, secure PHP, get a separated temp, run csf with some IP blockers etc.
In the end the goal is to run processes as the user, have their web files only chmodded as the user and try to isolate the user part as much as possible (not running CloudLinux, only CentOS 6).
Now with CB 2.0 I face the choices with php-fpm, the PHP selector and a combination of mod_ruid2,
but when I run ./build rewrite_confs I get:
Code:
apache webserver is not compatible with php-fpm or php-fastcgi PHP mode with mod_ruid2 enabled
I don't understand why this would not be compatible. Would the problem still not be that the Apache process runs under apache, thus be subjected to executing processes not as the user without mod_ruid2? And that a compromised website can "find" all apache-owned files and essentially bring down your server?
In this post it hints that mod_ruid2 and php-fpm can be run at the same time?
http://forum.directadmin.com/showthread.php?t=45172&p=230965#post230965
So where did it change, or what do you use in this case?
So to summarize:
I tried to run php1=5.5 and php2=5.4 and have mode1=mod_php and mode2=php-fpm; this is not working.
The only option is then mod_php and suphp, or both options php-fpm, but then would the process still run under the user for the webserver, if you cannot use mod_ruid2 with php-fpm?
In short, it seems all options don't seem to realize the goal by having two versions of PHP + mod_ruid2.
And one other thing I miss was suhosin: it seems the project is dead, and/or most bugs that are fixed with suhosin are probably fixed in PHP 5.5, and of course what new bugs have been introduced. ;(
But I used suhosin also as a way to disable PHP functions per user when it was needed, to quickly close a gap, fix or open things. Does anyone know of a way to do this without suhosin?
Any input is greatly appreciated.
Soul
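PHP-FPM pool definitions carry their own `user` directive and accept per-pool `php_admin_value[disable_functions]`, which bear on the two goals in the post above (processes running as the site owner, per-user function blocking). The following is an added example, not part of the original post or of CustomBuild: it audits pool definitions for both. The pool names, socket paths, shared-account list and baseline function list are assumptions.

```python
import re

# Constructed sample in PHP-FPM's ini-style pool format (hypothetical pools/paths).
SAMPLE_POOLS = """
[alice]
user = alice
listen = /var/run/php-fpm-alice.sock
php_admin_value[disable_functions] = exec,system,passthru,shell_exec,proc_open,popen

[bob]
; pool left on the shared web server account
user = apache
listen = /var/run/php-fpm-bob.sock
php_admin_value[disable_functions] = exec, system
"""

SHARED_ACCOUNTS = {"apache", "nobody", "www-data", "root"}  # assumed shared accounts
BASELINE = {"exec", "system", "passthru", "shell_exec", "proc_open", "popen"}  # assumed policy

def parse_pools(text):
    """Return {pool_name: {directive: value}} from pool config text."""
    pools, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or ini comment
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            current = pools.setdefault(header.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return pools

def audit_pool(cfg, baseline=BASELINE):
    """Return a list of isolation gaps for one pool's directives."""
    findings = []
    user = cfg.get("user")
    if user is None or user in SHARED_ACCOUNTS:
        findings.append("not running as a dedicated account: %s" % user)
    raw = cfg.get("php_admin_value[disable_functions]", "")
    disabled = {f.strip() for f in raw.split(",") if f.strip()}
    missing = sorted(baseline - disabled)
    if missing:
        findings.append("baseline functions still enabled: " + ",".join(missing))
    return findings

def audit(text):
    """Audit every pool in the text; an empty list means no gaps found."""
    return {name: audit_pool(cfg) for name, cfg in parse_pools(text).items()}
```

Calling `audit()` on the concatenated contents of the pool files returns an empty list for each pool that passes both checks.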