[HOWTO] mod_ruid2
- Thread starter daveyw
- Start date
SeLLeRoNe
Super Moderator
Sorry but this forum is for directadmin panel.
Ive never used zpanel so ive no idea where those file are located in it.
Regards
Ive never used zpanel so ive no idea where those file are located in it.
Regards
SeLLeRoNe
Super Moderator
Remove the load module section of mod_ruid2 in httpd.conf
Regards
Regards
Richard G
Verified User
For those interested.
Mind04 released a new version of mod_ruid2 today.
Version 0.9.7. Main change is that mod_ruid2 uses a lot less memory. Especially on servers with many virtual hosts (several hundreds), the saving could be substantial, according to the developper.
Mind04 released a new version of mod_ruid2 today.
Version 0.9.7. Main change is that mod_ruid2 uses a lot less memory. Especially on servers with many virtual hosts (several hundreds), the saving could be substantial, according to the developper.
does anyone have a solution to prevent user from viewing / edit another user's file?
for example the use of php function file_get_contents() - can be prevented by open basedir, but what about CGI scripts, perl, etc..
suPHP is the best solution out there for high security.
mod_ruid2 isn't good enough for shared hosting.
for example the use of php function file_get_contents() - can be prevented by open basedir, but what about CGI scripts, perl, etc..
suPHP is the best solution out there for high security.
mod_ruid2 isn't good enough for shared hosting.
SeLLeRoNe
Super Moderator
So, use suPHP if you prefer that.
Also, for prevent user from viewing/edit other users file try access group (search forum for how-to)
Regards
Also, for prevent user from viewing/edit other users file try access group (search forum for how-to)
Regards
Arieh
Verified User
I think in neither mod_ruid2 or suphp you can prevent cgi scripts in cgi-bin to look into /etc /usr and such, I just disable cgi-bin for everyone, no one uses it anyway. In CloudLinux of course it isn't a problem, neither are any php restrictions necessary 
already did, nothing changed.
I think in neither mod_ruid2 or suphp you can prevent cgi scripts in cgi-bin to look into /etc /usr and such, I just disable cgi-bin for everyone, no one uses it anyway. In CloudLinux of course it isn't a problem, neither are any php restrictions necessary
i also disabled cgi-bin access for all of my users, but it's not solved my problem.
Arieh
Verified User
You could also disable the cgi completely from apache at compiling level
"--disable-cgid" \
"--disable-cgi"
But you should then look at cron jobs, they are the same as ssh access.
See this post from DA, http://www.directadmin.com/forum/showthread.php?t=31420&p=159122#post159122 and read the last line.
Basically thats what CloudLinux did. Don't pin me down on it, this is how I think it works; you have one copy of many system files - and that copy is being used for all users. Its about 1GB. Then each user has a set of folders, mainly /etc/ stuff, like their own passwd file. Only a few MB per user. And in some way it gets mounted and a user has its own virtual environment in ssh, php, cgi, cron etc.
If you don't want to use it, I do think you could manage something by chmodding a lot of stuff. But I don't you get it bullet proof like that.
"--disable-cgid" \
"--disable-cgi"
But you should then look at cron jobs, they are the same as ssh access.
See this post from DA, http://www.directadmin.com/forum/showthread.php?t=31420&p=159122#post159122 and read the last line.
Basically thats what CloudLinux did. Don't pin me down on it, this is how I think it works; you have one copy of many system files - and that copy is being used for all users. Its about 1GB. Then each user has a set of folders, mainly /etc/ stuff, like their own passwd file. Only a few MB per user. And in some way it gets mounted and a user has its own virtual environment in ssh, php, cgi, cron etc.
If you don't want to use it, I do think you could manage something by chmodding a lot of stuff. But I don't you get it bullet proof like that.
Do I need to build php after build apache with disable cgi ?
Arieh
Verified User
No, and also you might as well add "--disable-proxy-scgi" or anything else you see at httpd -l | grep cgi
At php configuration I've added --disable-posix in relation to mod_ruid2 - in which case of course you do have to rebuild php.
in php.ini should make sure dl is one of the disable_functions.
At php configuration I've added --disable-posix in relation to mod_ruid2 - in which case of course you do have to rebuild php.
in php.ini should make sure dl is one of the disable_functions.
pppplus
Verified User
- Joined
- Dec 19, 2008
- Messages
- 524
new version mod_ruid2-0.9.7 is here :
http://sourceforge.net/projects/mod-ruid/files/mod_ruid2/mod_ruid2-0.9.7.tar.bz2/download
http://sourceforge.net/projects/mod-ruid/files/mod_ruid2/mod_ruid2-0.9.7.tar.bz2/download
Richard G
Verified User
@PPPPLus: You're a bit late. Look a few posts higher post #345, that version was release already may 14th.
pppplus
Verified User
- Joined
- Dec 19, 2008
- Messages
- 524
Yes I am a little late, but I give the link to download new version.
It would be very good to update first post (I know it is some work), with new links, and new features.
Now mod_ruid2 is already in template in DirectAdmin (from some version), so no need to modify template.
It would be very important to write also, that it is necessary to delete all file with sess_ in /tmp, in running servers. (It's impossible to connect to websites without deleting old sess_ files).
This how-to is very usefull, but a little hard to use now, with a lot of posts.
All new problems / solutions have to be in the first post I think.
Thanks again for this how-to. mod_ruid2 is a very usefull mod
It would be very good to update first post (I know it is some work), with new links, and new features.
Now mod_ruid2 is already in template in DirectAdmin (from some version), so no need to modify template.
It would be very important to write also, that it is necessary to delete all file with sess_ in /tmp, in running servers. (It's impossible to connect to websites without deleting old sess_ files).
This how-to is very usefull, but a little hard to use now, with a lot of posts.
All new problems / solutions have to be in the first post I think.
Thanks again for this how-to. mod_ruid2 is a very usefull mod
Richard G
Verified User
I never had that problem. I never changed the httpd-directories.conf either, but I only use Roundcubemail as webmail.
I agree with you that first post could do with some rewriting because template changes are not needed anymore. That's not much work.
Richard G
Verified User
It's good to know this solution then when somebody encounters this problem.
Nowadays I advise everybody to implement mod_ruid2 already when building and configuring the server.
Nowadays I advise everybody to implement mod_ruid2 already when building and configuring the server.
Arieh
Verified User
Yes the thread definitely needs to be updated. Its also a good practice to simply link to http://sourceforge.net/projects/mod-ruid/files/latest/download - in which case you never have to update the download url. SF probably made the /latest url for situations like these.
