
Is mod_ruid2 secure?

Discussion in 'Server Configuration and Hosting' started by Francesco V., Apr 15, 2013.

  1. Francesco V.

    Francesco V. Active Member

    I'm trying to read as much information as I can about it, although I'm not a sys-admin guy.

    It seems that the insecure part is related to the DSO PHP handler that works in combination with mod_ruid2, and not to mod_ruid2 itself.

    What are your opinions about this topic? Is mod_ruid2 safe on a VPS where I have some personal sites and webspace for one of my friends? I'm not a reseller or anything else.
     
  2. Adam Howard

    Adam Howard Well-Known Member

    mod_ruid2 is an Apache extension that allows requests to a domain to run as the owner of that domain, instead of the Apache user. It is similar to suEXEC and suPHP, but applies to all HTTP requests (except those to Java servlets or JSPs).

    So in that respect it's as safe as the users you assign it to on the VPS and the security you use... But it will limit what you can use. It's not compatible with most cache options, i.e. memcache, file cache, etc. So what you get is basically what you have out of it.
     
  3. Francesco V.

    Francesco V. Active Member

    I read that one of the advantages of mod_ruid2 was just that you can use caching while keeping at the same time the advantage of suPHP, running the webserver process as an account user and not as the apache user. The main issue is that if someone exploits the apache process then they can take advantage of mod_ruid2's main feature: you can switch from a normal user back to the root user.
     
  4. MattW

    MattW Well-Known Member

    I've been running mod_ruid2 for over 12 months now.
    It works with APC/Xcache/Memcache fine.
     
  5. Adam Howard

    Adam Howard Well-Known Member

    The user is new and is using cPanel (if I recall). They claim it doesn't work (cPanel).

    Personally, I have not used mod_ruid2 to my knowledge, so I did some research.

    Incompatibilities
    http://docs.cpanel.net/twiki/bin/view/EasyApache3/ModRuid2
    • Cache
    • Disk Cache
    • Memcache
    • MPM Worker
    • MPM Event
    • MPM Leader
    • MPM Perchild
    • MPM Threadpool
    • Mono
    • FastCGI
    ^ See highlighted points of interest.

    It's all possible that someone needs to update their website.
     
  6. MattW

    MattW Well-Known Member

    I'm using cPanel as well, and have had it working with all 3.
     
  7. Adam Howard

    Adam Howard Well-Known Member

    As I'm not currently using cPanel and don't have any history with using mod_ruid2 (that I can recall), I'll defer to your experience on it, but would suggest the OP do more research and inquire with cPanel themselves.
     
  8. MattW

    MattW Well-Known Member

    That's a good course of action for the OP to take. Like I said, I've been running it for over 12 months now on both PHP 5.3 and PHP 5.4, and it's worked fine with both Xcache/APC and Memcache/Libmemcached.

    For the OP, if they are your sites and a single site for your friend, you would probably be OK running straight DSO if you know what type of site they are going to be using your hosting for.

    I only use it because I also host a couple of sites for friends (a couple use Wordpress), otherwise, I'd be running nginx myself.
     
  9. Francesco V.

    Francesco V. Active Member

    Matt,

    when you switched on mod_ruid2, did you change (-R) the owner:group and permissions of the attachment and avatars folders?
    I just migrated an account to the VPS where I activated mod_ruid2 and I see that those folders belong to nobody:nobody with 777 :confused:

    Did you chown them to user:user and chmod them to 771 or 775?
     
  10. MattW

    MattW Well-Known Member

    I didn't have to, as when I originally set the VPS up, it was running suPHP, so all folders were already 755.

    I have mine with the folders and files owned by the account owner, with the folders to be 755 and files 644
     
  11. Francesco V.

    Francesco V. Active Member

    I too was on a VPS with suPHP, but it seems that the vBulletin-->XenForo migration created that folder with nobody and 777
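
The ownership and mode cleanup discussed in posts 9 to 11, as an added example that is not part of the thread or any participant's own script: it reports entries under an account's web root that are not owned by the account or are world-writable, then applies the layout MattW describes (owned by the account, folders 755, files 644). The function names are hypothetical, and the chown step needs root when ownership actually differs.

```shell
#!/bin/sh
# Added example (not from the thread): audit and normalise a web root after
# moving to a per-user handler such as mod_ruid2 or suPHP.
# Target layout is the one described in the thread: account-owned,
# directories 755, files 644. Function names are hypothetical.

# list_loose DIR OWNER
# Print every entry that is not owned by OWNER or is world-writable.
# Symlinks are skipped because their mode bits are not meaningful.
list_loose() {
    find "$1" \( ! -user "$2" -o -perm -0002 \) ! -type l -print
}

# count_loose DIR OWNER
# Number of entries list_loose would report (paths without newlines assumed).
count_loose() {
    list_loose "$1" "$2" | wc -l | tr -d ' '
}

# normalise DIR OWNER GROUP
# Hand stray entries (e.g. nobody:nobody) back to the account, then set
# directories to 755 and regular files to 644.
normalise() {
    dir=$1 owner=$2 group=$3
    # chown only what is not already owned by the account; requires root
    find "$dir" ! -user "$owner" ! -type l -exec chown "$owner:$group" {} +
    find "$dir" -type d -exec chmod 755 {} +
    find "$dir" -type f -exec chmod 644 {} +
}

# Stand-alone use: script DIR OWNER [GROUP]
# With two arguments it only reports; with three it reports, then fixes.
if [ "$#" -ge 2 ]; then
    list_loose "$1" "$2"
    if [ "$#" -eq 3 ]; then
        normalise "$1" "$2" "$3"
    fi
fi
```

Run the report-only form first and review the list before fixing, since some applications expect specific directories to be group-writable.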
     
