Would mod_ruid2 work with both PHP5.2 & PHP5.3 on the same DA installation?
has any1 tried this...?
cd /usr/local/directadmin/custombuild
wget -O suphp-0.7.1.tar.gz http://files.directadmin.com/services/custombuild/suphp-0.7.1.tar.gz
tar xzf suphp-0.7.1.tar.gz
cd suphp-0.7.1
wget -O ./src/Application.cpp http://www.custombuild.eu/Application.cpp
../configure/suphp/configure.suphp
make
make install
# diff Application.cpp Application.cpp-orig
171a172,176
> if (api.getRealProcessUser() !=
> api.getUserInfo(config.getWebserverUser())) {
> throw SecurityException("Calling user is not webserver user!",
> __FILE__, __LINE__);
> }
So this will let suphp work with mod_ruid2 without need to edit suphp.conf as you noticed on my server time ago?
Regards
@Martynas, good of you.
Hmm,
Code:# diff Application.cpp Application.cpp-orig 171a172,176 > if (api.getRealProcessUser() != > api.getUserInfo(config.getWebserverUser())) { > throw SecurityException("Calling user is not webserver user!", > __FILE__, __LINE__); > }
I've never thought of this way. My solution has nothing in common with modifying suPHP sources at all. Probably, your solution is more effective and/or easier to implement, but I'm not sure. Did you make any test of speed? Isn't too redundant to call suPHP from mod_ruid affected apache process?
Last question. Maybe is usefull for someone else aswell.
Those commands have to be run after php-cgi has been installed right? So, is a re-compiled when suphp has been already installed.
thanks
PHP-CGI has never been as fast as mod_php, and this solution is the easiest one to implement with current configs, without making them complex. mod_ruid2 is very fast, so it doesn't affect the speed a lot.
Yes, I agree, that is the easiest one to implement with current configs. But what about security? Would it much better to check minimal UID, let say 500 (taken from config). How much does it make easier to run PHP scripts from superuser name without UID check?
Of course, and it goes without saying, you might want to add a patch into custombuild script (as a standard or an option), in case none issues will come.