[HOWTO] mod_ruid2

After looking further found this for the cronjob of mrtg and working again.
Cronjob still runs as root but output files are webapps:webapps

Code: 
/usr/local/mrtg-2/bin/mrtg --user=webapps --group=webapps /var/www/html/mrtg/core/mrtg.cfg >/dev/null 2>&1

Now only the prestasop problem persists.
 
Last edited:
SeLLeRoNe said:
What about add a script in the crontab to change the ownership after mrtg run? Or, run it with another user?
Click to expand...
Most likely that won't help with the Prestashop issue.

We resolved a similar problem quite some time ago by creative ownerships; perhaps something similar to;
Code: 
chown webapps:root *
chmod 664 *
Jeff
 
My suggestion was referred to mrtg and actually yes that wouls solve without any problem the file ownership problem,

Regarding the prestashop problem, ive two suggestions:

1 - check apache logs.
2 - maybe the prestashop installer/installation chmodded some directory to 777 (ex. tmp or uploads) and if mod_ruid2 find dirs with 777 permission it goes error.

For be sure that folder and files got correct permission run:

Code: 
find /home/*/domains/*/public_html/ -type d -exec chmod 755 {} \;
find /home/*/domains/*/public_html/ -type f -exec chmod 644 {} \;

Regards
This will set all files to 644 and all folders to 755.

Regards
 
Follow Up for SSL Forbidden Error

Hey I just wanted to do a follow up on the SSL Forbidden Error, I followed all of these steps and it still didn't work.

I left out one important thing, that I figured out after looking at apache error logs.

http://help.directadmin.com/item.php?id=363

You need to put the modifications

nano -w virtual_host2.conf
## replace line: SuexecUserGroup |USER| |GROUP|
## replace with: #SuexecUserGroup |USER| |GROUP|
## Add the lines below under the just replaced line
RMode config
RUidGid |USER| |GROUP|
RGroups apache
Click to expand...

Into EVERY virtualhost file in the /usr/local/directadmin/data/templates/custom/
directory.
 
asekeris said:
After looking further found this for the cronjob of mrtg and working again.
Cronjob still runs as root but output files are webapps:webapps

Code: 
/usr/local/mrtg-2/bin/mrtg --user=webapps --group=webapps /var/www/html/mrtg/core/mrtg.cfg >/dev/null 2>&1

Now only the prestasop problem persists.
Click to expand...

This edit to the coronjob of mrtg solves the display problem and only changes the ownership of the output file.
So mrtg still runs as root and is able to collect everything from the system and makes the output readable via te html pages.

Prestahop is not solved yet but appears to be a bug in the shop software and not a mod_ruid2 problem.
I wish to thank everybody for the suggestions made and for now let this prestahop problem res.
 
Hello,

I have installed on all my servers the mod_ruid2 function.
Now i have just received a new server and i'm using custombuild 1.2

One step in the how to i can't seem to find.
This this is:
Add the line below between the <Directory "/var/www/html"> and </Directory>
Code:

<Directory "/var/www/html">
Options -Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
<IfModule mod_suphp.c>
suPHP_Engine On
suPHP_UserGroup webapps webapps
SetEnv PHP_INI_SCAN_DIR
</IfModule>
RUidGid webapps webapps
</Directory>

The line <Directory "/var/www/html"> .... </Directory> is not available anymore in my httpd.conf

I have checked my older servers with custombuild 1.1 and there i can find the line.
But i see many differences between both httpd.conf files, so i'm not sure what to do next.

Any advice?
 
I've checked my server and I still have /var/www/html in my files.
/etc/httpd/conf# grep /var/www/html /etc/httpd/conf/httpd.conf
DocumentRoot "/var/www/html"
<Directory "/var/www/html">
Click to expand...
/usr/local/directadmin/custombuild# grep custombuild options.conf
custombuild=1.2
Click to expand...
So it should be there
 
Hi all... tnx for this tutorial but I'm kinda stuck at this:

- nano -w virtual_host2.conf

It tells me to comment suPHP and add mod_ruid2 lines but this is already in my
/usr/local/directadmin/data/templates/custom/virtual_host2.conf

---
<IfModule !mod_ruid2.c>
SuexecUserGroup |USER| |GROUP|
</IfModule>
<IfModule mod_ruid2.c>
RMode config
RUidGid |USER| |GROUP|
RGroups apache access
</IfModule>
---

To me this seems even better than the example, should I just continue with the next step? What if it screws up? How will I revert the mod_ruid2?

Situation:
- Debian 6 VPS on Xen
- Not running suPHP as far as i know

By the way:
the mod_ruid2.c was a 404, I downloaded and renamed it manually for it to work.



----------------
update: I just continued anyway because the config seemed to be correct, i still only see user 'apache' for my apache processes though. system('id') in PHP gives me:

uid=1004(fvision) gid=1006(fvision) groups=1006(fvision),1000(apache),1004(access)

while running a very long loop in PHP (taking over 10 seconds to parse) shows user 'apache' in htop. What am i doing wrong?

Another thingy... all my files are already owned by the user instead of apache.

-----------
update 2: seems to be working fine now while I didn't do anything else anymore :) thanks for the tutorial, really apreciate this!
 
Last edited:
Recent DirectAdmin installs (and perhaps updates; I haven't checked) have the new construction, as support for mod_ruid2 is slowly being added to DirectAdmin. You neither have to move the files to your custom directory, nor make any changes to them. The How-To needs to be updated; hopefully the original poster will see our exchange and make the fixes.

Jeff
 
Thanks, as I said I tried it anyway and it's working great. I only found out the "php_flag suhosin.simulation On" isn't working, is this because of mod_ruid2? I have 1 customer I need to disable suhosin for, how to do this? (is it possible to use custom php.ini for only 1 customer/domain?) Or is this not related to mod_ruid2 at all :)
 
When restarting httpd I'm getting this error

Starting httpd: httpd: bad group name access

I've commented out the mod_ruid2 and it starts just fine.

Any pointers on where to start?


This is in the HTTP config

<IfModule !mod_ruid2.c>
SuexecUserGroup admin admin
</IfModule>
<IfModule mod_ruid2.c>
RMode config
RUidGid admin admin
RGroups apache access
</IfModule>
 
I can't install mod_ruid on a CentOS 5 system. It previously ran mod_cgi but I decided to switch it to mod_ruid (there are no sites on it at the moment).
Code: 
[root@dajj01 mod_ruid2-0.9.4]# apxs -a -i -l cap -c mod_ruid2.c 
/var/www/build/libtool --silent --mode=compile gcc -std=gnu99 -prefer-pic   -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -D_LARGEFILE64_SOURCE -g -O2 -pthread -I/usr/include/apache  -I/usr/include/apache   -I/usr/include/apache   -c -o mod_ruid2.lo mod_ruid2.c && touch mod_ruid2.slo
mod_ruid2.c: In function 'ruid_suidback':
mod_ruid2.c:400: warning: implicit declaration of function 'setgroups'
mod_ruid2.c:401: error: 'unixd_config' undeclared (first use in this function)
mod_ruid2.c:401: error: (Each undeclared identifier is reported only once
mod_ruid2.c:401: error: for each function it appears in.)
apxs:Error: Command failed with rc=65536
I thought the problem might be with the version of mod_ruid I'm trying to install, mod_ruid2-0.9.4, so I tried again with the older mod_ruid2-0.9.3, but I got the same error.

Any ideas? I'd like to get this done today and put this system into service.

Thanks.

Jeff
 
You must log in or register to reply here.
Back
Top