[HOWTO] mod_ruid2

mjokiel

Verified User
Joined
Nov 18, 2009
Messages
31
Are you using somehow in mod_ruid2:

RDocumentChrRoot - Set chroot directory and the document root inside
 

Arieh

Verified User
Joined
May 27, 2008
Messages
1,199
Location
The Netherlands
I haven't but maybe we should. As I understand it, its just an replacement for a regular DocumentRoot. It would mean that DocumentRoot should be replaced with RDocumentChRoot in the templates.

As it is yet another extra chroot, you could run into problems so before rolling it out for all domains you could test it first on one or a few domains. I'm gonna see what happens.

edit: tried a bit, and I don't get it working. You need 2 parameters:

RDocumentChRoot /home/user /domains/domain.tld/public_html

(so I just made a space between user /domains)

And I get
CRITICAL ERROR ruid_setup:cap_set_proc failed
domain.tld GET / HTTP/1.1 chroot to /home/user failed

So I'll leave this for now.
 
Last edited:

snk

Verified User
Joined
Dec 19, 2007
Messages
102
daveyw, maybe worth to add in HowTo few more changes.
If customers use perl or cgi scripts need to change permissions to these files:
Code:
find /home/*/domains/*/public_html  -type f -name '*.cgi*' -exec chmod 755 {} \;
find /home/*/domains/*/public_html  -type f -name '*.pl*' -exec chmod 755 {} \;
find /home/*/domains/*/public_html  -type f -name '*.pm*' -exec chmod 755 {} \;
 

daveyw

Verified User
Joined
Jan 5, 2008
Messages
702
Location
/dev/null
thanks but suPHP better :)
Everyone his own thing, we like mod_ruid(2) more :)

We have no problems with mod_ruid2 since we are using it, and our servers are more safe now :)

But everyone is free to take his own decision
 

nobaloney

NoBaloney Internet Svcs - In Memoriam †
Joined
Jun 16, 2003
Messages
26,119
Location
California
opinion, but mod_ruid faster.
On a server with insufficient resources this makes sense, since running PHP as a cgi definitely uses more resources.

I'm curious if anyone has tested mod_ruid on older servers or smaller VPS servers, where PHP as cgi often has problems.

Jeff
 

mjokiel

Verified User
Joined
Nov 18, 2009
Messages
31
Somebody knows why these errors appearing?

[Thu Nov 11 14:19:36 2010] [error] mod_ruid2 CRITICAL ERROR ruid_setup:cap_set_proc failed
[Thu Nov 11 14:19:36 2010] [error] mod_ruid2 CRITICAL ERROR ruid_uiiii:cap_set_proc failed before setuid
[Thu Nov 11 14:19:36 2010] [error] mod_ruid2 CRITICAL ERROR ruid_setup:cap_set_proc failed
[Thu Nov 11 14:19:36 2010] [error] mod_ruid2 CRITICAL ERROR ruid_uiiii:cap_set_proc failed before setuid
[Thu Nov 11 14:19:36 2010] [error] mod_ruid2 CRITICAL ERROR ruid_setup:cap_set_proc failed
[Thu Nov 11 14:19:36 2010] [error] mod_ruid2 CRITICAL ERROR ruid_uiiii:cap_set_proc failed before setuid
[Thu Nov 11 14:19:36 2010] [error] mod_ruid2 CRITICAL ERROR ruid_setup:cap_set_proc failed
[Thu Nov 11 14:19:36 2010] [error] mod_ruid2 CRITICAL ERROR ruid_uiiii:cap_set_proc failed before setuid
[Thu Nov 11 14:19:36 2010] [error] mod_ruid2 CRITICAL ERROR ruid_setup:cap_set_proc failed
[Thu Nov 11 14:19:36 2010] [error] mod_ruid2 CRITICAL ERROR ruid_uiiii:cap_set_proc failed before setuid
 

@how@

Verified User
Joined
Mar 2, 2005
Messages
961
Location
Kingdom of Bahrain
On a server with insufficient resources this makes sense, since running PHP as a cgi definitely uses more resources.

I'm curious if anyone has tested mod_ruid on older servers or smaller VPS servers, where PHP as cgi often has problems.

Jeff
tested in old server p4 and vps cpu 1gz work better then before lol :)
mod_ruid2 better then suphp

Wael
 

snk

Verified User
Joined
Dec 19, 2007
Messages
102
for some admins ruid2 is better than other solution.
some time ago i did my own tests. by my tests ruid2 faster.

iprodua, if you want you can contact me (i can speak russian ;).
 

iprodua

Verified User
Joined
Oct 5, 2007
Messages
88
for some admins ruid2 is better than other solution.
Some time ago i did my own tests. By my tests ruid2 faster.

Iprodua, if you want you can contact me (i can speak russian ;).
thnx...)))
 

ViAdCk

Verified User
Joined
Feb 14, 2005
Messages
267
Sounds like a very nice option, but reading a little bit it looks like it could be insecure to run a default centos kernel with this? What are the real risks involved?

Cheers!
 

cyberneticos

Verified User
Joined
Aug 21, 2005
Messages
689
Location
Spain
Hello, I am very interested in using this mod. For safety reasons basically and for speed if that's a side effect.

But I'm a bit scared to use it. Would it be recommened in a shared server scenerio with 90 users and 300 sites for example?
 
Top