Apache and cPanel & WHM
The Apache Configuration File & Building Apache
How httpd.conf Is Processed
EasyApache and PHP [+] [-]
Apache and PHP Customization [+] [-]
Custom Directives to httpd.conf [+] [-]
FrontPage® Support?
Known Issues
Documentation Home
RSS Feed
How httpd.conf Is Processed
EasyApache and PHP [+] [-]
Apache and PHP Customization [+] [-]
Custom Directives to httpd.conf [+] [-]
FrontPage® Support?
Known Issues
Documentation Home
RSS Feed
The mod_ruid2 Module
Introduction
mod_ruid2 is an Apache extension that allows requests to a domain to run as the owner of that domain, instead of the Apache user. It is similar to suEXEC and suPHP, but applies to all HTTP requests, except those to Java servlets or JSPs.
mod_ruid2 uses a feature of POSIX.1e that is available on all Linux systems supported by cPanel. You can install mod_ruid2 through the EasyApache interface. (Main >> Software >> EasyApache (ApacheUpdate))
Note: mod_ruid2 is only available with Apache 2.2.
Installing mod_ruid2
This section contains instructions for installingmod_ruid2.
- Build a new version of Apache and PHP with WHM's EasyApache (Apache Update) feature ( Main >> Software >> EasyApache (Apache Update)).
- Continue to step 5, EasyApache's Short Options List.
- Select the checkbox next to Mod Ruid2.
- When you are finished with the configuration, build Apache and PHP as you would ordinarily.
Incompatibilities
In general,mod_ruid2 introduces a complex security model. For this reason, we have been careful to disallow certain Apache modules that we believe may introduce vulnerabilities when used with mod_ruid2. Enabling mod_ruid2 in the EasyApache interface will automatically disable the following configuration options:
| Option | Module Identifier | Description |
|---|---|---|
| Cache | cache_module |
Caches content that is keyed to URIs. Local and proxy content can be cached. mod_ruid2 caused problems with the ownership of cache lock files. It may be possible to patch the cache modules or mod_ruid2 to solve the issue; however, the patch may introduce security vulnerabilities. |
| Disk Cache | disk_cache_module |
Caches content that is keyed to URIs. This module uses disk-based storage management and is usually used with cache_module. mod_ruid2 caused problems with the ownership of cache lock files. It may be possible to patch the cache modules or mod_ruid2 to solve the issue; however, the patch may introduce security vulnerabilities. |
| MemCache | mod_mem_cache |
Caches content that is keyed to URIs. This module requires the cache_module and provides a memory-based storage management system. mod_ruid2 caused problems with the ownership of cache lock files. It may be possible to patch the cache modules or mod_ruid2 to solve the issue; however, the patch may introduce security vulnerabilities. |
| MPM Worker | mpm_worker_module |
A multi-processing module that allows Apache to serve additional requests by off-loading processing work to supporting threads. Thread-based MPMs will not work with mod_ruid2, as they alter the UID and GID at the process level. |
| MPM Event | mpm_event_module |
A variant of the worker MPM that allows Apache to serve additional requests by off-loading processing work to supporting threads. Thread-based MPMs will not work with mod_ruid2, as they alter the UID and GID at the process level. |
| MPM Leader | mpm_leader_module |
An experimental variant of the worker MPM that allows Apache to serve additional requests by off-loading processing work to supporting threads. Thread-based MPMs will not work with mod_ruid2, as they alter the UID and GID at the process level. |
| MPM Perchild | mpm_perchild_module |
A multi-processing module that allows Apache processes to use different UIDs. Thread-based MPMs will not work with mod_ruid2, as they alter the UID and GID at the process level. |
| MPM Threadpool | mpm_threadpool_module |
An experimental variant of the worker MPM that allows Apache to serve additional requests by off-loading processing work to supporting threads. This module queues idle worker threads and passes accepted connections to the next available worker. Thread-based MPMs will not work with mod_ruid2, as they alter the UID and GID at the process level. |
| Mono | mod_mono |
Provides ASP.NET support for Apache 2.0 and 2.2. This applies to .NET 1.x and 2.x. Enabling mod_ruid2 prevents mod_mono from building. We may look into this further if there is sufficient demand. |
| FastCGI | mod_fcgi |
A language-agnostic extension of CGI that allows Apache to serve PHP faster. When using FastCGI, requests are processed by a separate, persistent process. mod_ruid2 cannot force the processes to change UID or GID based on the domain. |
Notes
This section contains some general information on how to use and troubleshootmod_ruid2.
- In most instances, when
mod_ruid2is installed, we recommend that you replace suPHP as your PHP handler. Many administrators prefer to use DSO as the PHP handler whenevermod_ruid2is enabled. -
mod_ruid2will work with all of the PHP handlers offered by cPanel & WHM except FastCGI. Enablingmod_ruid2will not change your PHP handler, unless you are using FastCGI. If you are using FastCGI and enablemod_ruid2, your PHP handler will change to suPHP. - Some users have encountered problems with
mod_ruid2while using mutual exclusion. To solve this issue, add the following line to/usr/local/apache/conf/mod_ruid2.conf:-
AcceptMutex posixsem
-
-
mod_ruid2is not compatible with shared SSL certificates. Data is accessed over a shared SSL as the user nobody. However,mod_ruid2accesses data with the user account. The user permissions on$HOME/public_htmlbecome user:user instead of user:nobody aftermod_ruid2is installed. The user nobody can no longer access thepublic_html content. This will result in a "permission denied" message.
Topic revision: r4 - 25 Jan 2013 - 23:09:30 - Main.RosieArcelay