Hello everyone,
Since there are alot of people asking for it, here is my HowTo about mod_ruid2
This is based on my CentOS server with Apache 2.x.
Installing this module its no longer needed to chmod config files to 666 or upload/attachments directories to 777. Since with this module enabled everything @ HTTP will run under the user itself and not 'apache' anymore.
** If you are using mod_ruid instead of mod_ruid2, first of all remove the mod_ruid line from '/etc/httpd/conf/httpd.conf'
First, we are going to install libcap-devel
Lets confirm mod_ruid2 is added
Now we need to modify the DA httpd.conf templates a little bit to enable mod_ruid2 for the users
Now copy the template files to custom
Now follow the steps below for each virtual_host2 file you've copied
To be sure the webmail clients etc still works we need to change the owner permissions
Edit by NoBaloney; see posts 324 and 325, page 17 of this thread:
And last you need to modify httpd-directories.conf
Add the RUidGid line below between the <Directory "/var/www/html"> and </Directory>
* Thanks to Arieh for this change.
End edit by NoBaloney
** Questions with Answers **
-------------------------------------------------------
Q: How can I test this is working?
A: Easy, install some CMS that you are used before. Like Wordpress, Joomla that required (before!!) chmod 666 or 777 to get install/working.
Q: I've dirs/files owned by apache for some users, must I change this?
A: Yes, you need to give the dirs/files owner of the user itself, not apache anymore. Check below
Thanks for snk for the commands below, to fix the owner permissions of the dirs/files
You are missing a question, or you have a question, please let me know and I'll try to answer them for you!
Since there are alot of people asking for it, here is my HowTo about mod_ruid2
This is based on my CentOS server with Apache 2.x.
Installing this module its no longer needed to chmod config files to 666 or upload/attachments directories to 777. Since with this module enabled everything @ HTTP will run under the user itself and not 'apache' anymore.
** If you are using mod_ruid instead of mod_ruid2, first of all remove the mod_ruid line from '/etc/httpd/conf/httpd.conf'
First, we are going to install libcap-devel
After this is done we are going to download and install mod_ruid2yum -y install libcap-devel
Now, if you didn't get any errors mod_ruid2 should be installed and added to the '/etc/httpd/conf/httpd.conf'.wget -O mod_ruid2-0.9.7.tar.bz2 "http://downloads.sourceforge.net/project/mod-ruid/mod_ruid2/mod_ruid2-0.9.7.tar.bz2?r=&ts=1335638772&use_mirror=kent"
tar xjf mod_ruid2-0.9.7.tar.bz2
cd mod_ruid2-0.9.7
apxs -a -i -l cap -c mod_ruid2.c
Lets confirm mod_ruid2 is added
If you get any response like below its installedgrep 'mod_ruid2' /etc/httpd/conf/httpd.conf
LoadModule ruid2_module /usr/lib/apache/mod_ruid2.so
Now we need to modify the DA httpd.conf templates a little bit to enable mod_ruid2 for the users
Now copy the template files to custom
Now you have copied the original templates to the 'custom' directory, so they won't be overwritten.cd /usr/local/directadmin/data/templates/
cp virtual_host2* custom/
chown -R diradmin:diradmin custom/
Code:
cd /usr/local/directadmin/data/templates/custom/
Now follow the steps below for each virtual_host2 file you've copied
Save the files and lets rewrite the HTTPd config filesnano -w virtual_host2.conf
## replace line: SuexecUserGroup |USER| |GROUP|
## replace with: #SuexecUserGroup |USER| |GROUP|
## Add the lines below under the just replaced line
RMode config
RUidGid |USER| |GROUP|
RGroups apache
If you want you can start the rewrite of the HTTPd config files manually, just paste the line below and wait when its doneecho "action=rewrite&value=httpd" >> /usr/local/directadmin/data/task.queue
After the rewrite is complete you can restart HTTPd with the command below/usr/local/directadmin/dataskq d800
Now mod_ruid2 should be installed and you don't need to chmod anymore like 'chmod 666 config.php' or 'chmod 777 uploads'./etc/init.d/httpd restart
To be sure the webmail clients etc still works we need to change the owner permissions
chown -R webapps:webapps /var/www/html
Edit by NoBaloney; see posts 324 and 325, page 17 of this thread:
And last you need to modify httpd-directories.conf
Code:
nano -w /etc/httpd/conf/extra/httpd-directories.conf
Code:
<Directory "/var/www/html">
Options -Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
<IfModule mod_suphp.c>
suPHP_Engine On
suPHP_UserGroup webapps webapps
SetEnv PHP_INI_SCAN_DIR
</IfModule>
RUidGid webapps webapps
</Directory>
End edit by NoBaloney
** Questions with Answers **
-------------------------------------------------------
Q: How can I test this is working?
A: Easy, install some CMS that you are used before. Like Wordpress, Joomla that required (before!!) chmod 666 or 777 to get install/working.
Q: I've dirs/files owned by apache for some users, must I change this?
A: Yes, you need to give the dirs/files owner of the user itself, not apache anymore. Check below
Thanks for snk for the commands below, to fix the owner permissions of the dirs/files
* Added '&&' so if they do a typo, it won't change anything.cd /usr/local/directadmin/scripts && ./set_permissions.sh user_homes
find /home/*/domains/*/public_html -type d -print0 | xargs -0 chmod 711
find /home/*/domains/*/public_html -type f -print0 | xargs -0 chmod 644
find /home/*/domains/*/public_html -type f -name '*.cgi*' -exec chmod 755 {} \;
find /home/*/domains/*/public_html -type f -name '*.pl*' -exec chmod 755 {} \;
find /home/*/domains/*/public_html -type f -name '*.pm*' -exec chmod 755 {} \;
cd /usr/local/directadmin/data/users && for i in `ls`; do { chown -R $i:$i /home/$i/domains/*/public_html;}; done;
You are missing a question, or you have a question, please let me know and I'll try to answer them for you!
Last edited by a moderator: