[HOWTO] mod_ruid2

[nobaloney]

Sounds like a very nice option, but reading a little bit it looks like it could be insecure to run a default centos kernel with this? What are the real risks involved?

What have you seen that makes you think it could be insecure to use it with a default CentOS kernel? What have you read?

Jeff

 

[cyberneticos]

Got it from the readme once you download the mod:

-there are some security issues, for instance if attacker successfully exploits the httpd process, he can set effective capabilities and setuid to root. i recommend to use some security patch in kernel (grsec),
or something..

That's kinda scary, but it might be becuase I?m no expert and maybe this is normal or expected.

 

[jml75]

Compatible with mod_php and mod_vhost_alias

Hi guys,

I just heard of mod_ruid2 and I find it very interesting but there isn't much information about it out there.

So do you know if mod_ruid2 is compatible with mod_php and with mod_vhost_alias?

Also hav you ever played with RDocumentChrRoot?

Thanx!

 

[SeLLeRoNe]

EDIT: my problem is not related to ruid but to mod_security, bad posting.

Regards

 

[pppplus]

Hi,

I try to install mod_ruid2, but stop. Sites are unavailables, I've message : Forbidden when I want to access to them.

I stop just after :

/etc/init.d/httpd restart

So I do not modify permissions on files.
I prefer to stop, because after changing permissions, it's difficult to come back with previous permissions.

I've an error when I run /usr/local/directadmin/dataskq d800 :

MimeTypes::readFile(): Unable to open /usr/local/directadmin/data/users/admin/domains/5go.fr.handlers for reading

for each domains

I think about another problem :
I have some files in cgi folder with permissions 755, but these files are not .cgi or .pl. (they have no extension).
So how to modify script, to not touch files with 755 permissions ?
This script :

cd /usr/local/directadmin/scripts && ./set_permissions.sh user_homes
find /home/*/domains/*/public_html -type d -print0 | xargs -0 chmod 711
find /home/*/domains/*/public_html -type f -print0 | xargs -0 chmod 644
find /home/*/domains/*/public_html -type f -name '*.cgi*' -exec chmod 755 {} \;
find /home/*/domains/*/public_html -type f -name '*.pl*' -exec chmod 755 {} \;
find /home/*/domains/*/public_html -type f -name '*.pm*' -exec chmod 755 {} \;
cd /usr/local/directadmin/data/users && for i in `ls`; do { chown -R $i:$i /home/$i/domains/*/public_html;}; done;

Thanks for your help

 

[massive]

I just installed mod_ruid2 on a new vps and i am trying to install joomla and i a getting the following error :

configuration.php not Writable

 

[SeLLeRoNe]

massive contact me on msn i can check it for you.

regards

 

[massive]

Thanks Andrea.
Problem solved. Wrong permissions in the parent folder.

 

[massive]

mpm_worker_module with mod_ruid2

Does anybode has experience with mod_ruid2 and mpm_worker_module
working together?

 

[defomaz]

just report
i've used mod_ruid + eaccelerrator then get trouble about user quota
user usage status on directadmin/repquota 4x bigger and not same with current user usage on his own directory /home/user/

after investigate, finnaly i found that eaccelerator cache file is also owned by user not root
so when Directadmin counting quota, eaccelerator cache also counted.

i still search solution, how to force eacellerator cache as root

thanks

 

[snk]

I think there is nothing wrong, this is user's files so it will be counted.
ea cache will be owner by root if you will run php from root, but this is wrong way.

Try to store ea cache to partition that not have quote

 

[zaja]

How to upgrade

Does anybody know how to upgrade mod_ruid2 from 0.9.1 to 0.9.3?

 

[snk]

look at first message

wget http://dave.t0xic.nl/tars/mod_ruid2-0.9.3.tar.bz2
tar xjf mod_ruid2-0.9.3.tar.bz2
cd mod_ruid2-0.9.3
apxs -a -i -l cap -c mod_ruid2.c

and restart httpd

 

[SeLLeRoNe]

how can i determinate which version is installed on my server?

 

[mind]

how can i determinate which version is installed on my server?

Version information is written to your httpd error log on startup.

 

[SeLLeRoNe]

thanks a lot

 

[zaja]

look at first message

and restart httpd

Thanks, just upgraded.

 

[defomaz]

Hallow, have you know or use cloudlinux(www.cloudlinux.com )?
now cloudlinux support mod_ruid2, it's seem i'm the first who use cloudlinux with mod_ruid2
after submit ticket request not more than 1 week mod_ruid2 added in cloudlinux modhostinglimit

 

[ViAdCk]

I have activated mod_ruid2 on one server and a user is having problems with his cgi scripts. This is in the domain error log:

(13)Permission denied: exec of '/home/user/domains/domain.com/public_html/cgi-bin/count/tc.cgi' failed, referer: http://www.domain.com/
Premature end of script headers: tc.cgi, referer: http://www.domain.com/

The cgi-bin folder has 711 permissions and the cgi script 755 permissions.

Any thoughts?

 

[daveyw]

(13)Permission denied: exec of '/home/user/domains/domain.com/public_html/cgi-bin/count/tc.cgi' failed, referer: http://www.domain.com/
Premature end of script headers: tc.cgi, referer: http://www.domain.com/

Before we can say whats the problem we would like to see what the first 5 lines are.

Having you this problem since you are using mod_ruid2 or not?
I can also remember something about

chmod 711 /usr/sbin/suexec

and then restart HTTPd.