Is my mod_ruid2 correct installed?

Aar

Verified User
Joined
Feb 10, 2005
Messages
209
Location
Netherlands
I wonder if I mod_ruid2 properly installed?

When i execute a PHP-script in my browser (www.sitename.com/test.php) with the contents:
Code:
<?php
print exec('whoami'); 
?>
I see my username in the output. (and not Apache)

Is my mod_ruid2 now properly installed?
The errorlog of httpd says this as a notice, when i restart Apache:
Code:
[Sun Oct 02 17:09:58 2011] [notice] mod_ruid2/0.9.4 enabled
 
Last edited:
Yes, it seems so, while you see your username not apache in the script output.
 
It's very strange:

mod_ruid2 is loaded (and it gives me my username), while i don't have editted the httpd.conf.

Is this normal?

Normally you must add:
Code:
# mod_ruid
RMode config
RUidGid apache apache
But i don't have this, and it's working?
 
Is it needed, to update my vhost templates???

It also works without update them? How is this possible?
Any idea?
 
Last edited:
Here is the link to HowTo on these forums http://www.directadmin.com/forum/showthread.php?t=37467

Here is the content of README file from mod_ruid2:

ABOUT
mod_ruid2 is a suexec module for apache 2.0, based on mod_ruid and mod_suid2

-it runs only on linux because afaik only linux has implemented posix 1003.1e capabilities
-it has better performance than mod_suid2 because it doesn`t need to kill httpd children
after one request. it makes use of kernel capabilites and after receiving a new request suids again.
-there are some security issues, for instance if attacker successfully exploits the httpd process,
he can set effective capabilities and setuid to root. i recommend to use some security patch in kernel (grsec),
or something..

-there are two main operation modes: stat and config
1. stat
is default, httpd setuid and setgid to uid and gid of requested filename(script)/directory
this is good if you use mod_vhost_alias for virtual hosting

2. config
like mod_suid2, you must define uid and gid

INSTALL
1. download and install latest libcap from here
2. run /apachedir/bin/apxs -a -i -l cap -c mod_ruid2.c
3. configure httpd.conf
4. restart apache

CONFIGURE OPTIONS:
RMode config|stat (default is stat)
RUidGid user|#uid group|#gid - when RMode is config, set to this uid and gid

RMinUidGid user|#uid group|#gid - when uid/gid is < than min uid/gid set to default uid/gid
RDefaultUidGid user|#uid group|#gid

RGroups group1 group2 - aditional groups set via setgroups

RDocumentChrRoot - Set chroot directory and the document root inside


EXAMPLE:

LoadModule ruid2_module modules/mod_ruid2.so
User apache
Group apache
RMode stat
RGroups apachetmp
RDocumentChRoot /home /example.com/public_html

NameVirtualHost 192.168.0.1
<VirtualHost example.com>
ServerAdmin [email protected]
RDocumentChRoot /home /example.com/public_html
ServerName example.com
ServerAlias www.example.com
RMode config
RUidGid user1 group1
RGroups apachetmp

<Directory /home/example.com/public_html/dir>
RMode stat
</Directory>

<Directory /home/example.com/public_html/dir/test>
RMode config
RUidGid user2 group2
RGroups groups1
</Directory>

<Directory /home/example.com/public_html/dir/test/123>
RUidGid user3 group3
</Directory>

<Location /yustadir>
RMode config
RUidGid user4 user4
RGroups groups4
</Location>

</VirtualHost>

<VirtualHost example.net>
ServerAdmin [email protected]
DocumentRoot /home/example.net/public_html
ServerName example.net
ServerAlias www.example.net
</VirtualHost>
 
So you might want to use as

1. stat
is default, httpd setuid and setgid to uid and gid of requested filename(script)/directory
this is good if you use mod_vhost_alias for virtual hosting

But there might come issues with phpMyAdmin/webmails. Never checked it, so you might want to try and share your results with us.
 
Yes, with the stat-option it's possible to run all under the username, without edit the vhosts.
 
Back
Top