#1  
Old 16th September 2010, 02:53
tio289 tio289 is offline
Member
 
Join Date: Mar 2009
Posts: 70
Thanks: 2
Thanked 14 Times in 9 Posts
Default Mod_ruid and ISPConfig 3

How to install and configure apache mod_ruid on ISPConfig3 machine



What is mod_ruid?

mod_ruid is suexec module for apache 2.0, based on mod_suid2, which change apache process UID. It has better performance than mod_suid2 because it doesn`t need to kill httpd children after one request. It makes use of kernel capabilites and after receiving a new request suids again. It is faster that fcgi+suexec or suphp.



Lets go ahead

We need compile mod_ruid package. For it we need install two packages libcap-dev and apache2-prefork-dev



Code:
aptitude install libcap-dev apache2-prefork-dev


After installing download mod_ruid from this page http://websupport.sk/~stanojr/projects/mod_ruid/


Code:
cd /tmp

wget http://websupport.sk/~stanojr/projects/mod_ruid/mod_ruid-0.6.tar.gz

tar -xzvf mod_ruid-0.6.tar.gz

and compile...


Code:
apxs2 -a -i -l cap -c /tmp/mod_ruid-0.6/mod_ruid.c

 

bash -c 'echo "LoadModule ruid_module /usr/lib/apache2/modules/mod_ruid.so" > /etc/apache2/mods-available/ruid.load'

 

bash -c 'echo -e "RMode stat\nRMinUidGid #100 #100\nRDefaultUidGid www-data www-data" > /etc/apache2/mods-available/ruid.conf'

 

a2enmod ruid

/etc/init.d/apache2 restart

Configure ispconfig vhost

Open vhost.master.conf file

Code:
nano /usr/local/ispconfig/server/conf/vhost.conf.master
and after this


Code:
# add support for apache mpm_itk

<IfModule mpm_itk_module>

 AssignUserId <tmpl_var name='system_user'> <tmpl_var name='system_group'>

</IfModule>
insert this to each vhost (non-ssl and ssl)


Code:
# add support for apache mod_ruid

<IfModule mod_ruid>

   RMode      config

   RUidGid    <tmpl_var name='system_user'> <tmpl_var name='system_group'>

</IfModule>

Thats all, you need recreate vhost files by ispconfig - simple open each website, disable suexec and set PHP to mod_php and save it.
(If you use mod_ruid, them you cant use suphp on any vhost)

Google docs:
https://docs.google.com/document/pub...N5G9qzr6CmZN7k

Last edited by tio289; 21st January 2011 at 20:04.
Reply With Quote
The Following User Says Thank You to tio289 For This Useful Post:
till (16th September 2010)
Sponsored Links
  #2  
Old 16th September 2010, 09:30
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,046
Thanks: 826
Thanked 5,389 Times in 4,234 Posts
Default

One small addition, instead of editing the file /usr/local/ispconfig/server/conf/vhost.conf.master, copy it to /usr/local/ispconfig/server/conf-custom/vhost.conf.master and then edit the file in the conf-custom directory. This ensures that the changed vhost file does not get overwritten on ispconfig updates.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 23rd September 2010, 11:25
Grey Grey is offline
Member
 
Join Date: May 2008
Location: Germany
Posts: 70
Thanks: 9
Thanked 18 Times in 15 Posts
Default

Question: How does mod_ruid compare to the apache2 ITK worker module? apache2_mpm_itk does user switching a similar way, doesn't it, so how do both compare? Speed? Better memory efficiency?

Would be interesting to know!
Reply With Quote
  #4  
Old 23rd September 2010, 12:46
tio289 tio289 is offline
Member
 
Join Date: Mar 2009
Posts: 70
Thanks: 2
Thanked 14 Times in 9 Posts
Default

hi, mod_ruid and mpm-itk are probably very similar. mpm-itk is experimendal mod, and I have problem with getting work it. mod_ruid are developed by best webhosting company in slovakia and they use it on production servers.
Reply With Quote
  #5  
Old 23rd September 2010, 14:48
Grey Grey is offline
Member
 
Join Date: May 2008
Location: Germany
Posts: 70
Thanks: 9
Thanked 18 Times in 15 Posts
Default

IMHO MPM-ITK is an apache multi process module in difference to mod_ruid, which is a module running under the normal prefork or worker mpm.

I can't speak for the unclear "experimental" status, but it has been pretty solid for years now (for us) and I like the ability to set the process ID as soon as possible, which is in my understanding by setting it in the MPM module rather than wait for an apache module to take care of it.

I don't know what your problems with ITK are, but mine worked out of the box (debian and ubuntu) without much hassle.
Reply With Quote
  #6  
Old 19th September 2011, 10:02
emanation emanation is offline
Junior Member
 
Join Date: Sep 2011
Posts: 15
Thanks: 3
Thanked 0 Times in 0 Posts
Default

After all changes regarding instruction above I've got Forbidden page at all sites on server including IPSConfig panel itself.
I have CentOS6 and I've installed mod_ruid2 from atomic repository.
After that, mod_ruid2 appears as working module at apache configuration.
It seems to me that here is permission issue. But I do chown and chmod and no luck still.
Please, suggest.
Reply With Quote
  #7  
Old 19th September 2011, 11:00
tio289 tio289 is offline
Member
 
Join Date: Mar 2009
Posts: 70
Thanks: 2
Thanked 14 Times in 9 Posts
Default

Hi, do you configure globals in /etc/apache2/mods-available/ruid.conf resp. on centos /etc/httpd/conf.d/ruid2.conf ?

this is mine

Code:
Rmode           stat
RMinUidGid      #100 #100
RDefaultUidGid  www-data www-data
__________________
Independent Senior Webdeveloper

Last edited by tio289; 19th September 2011 at 11:02.
Reply With Quote
  #8  
Old 19th September 2011, 14:57
emanation emanation is offline
Junior Member
 
Join Date: Sep 2011
Posts: 15
Thanks: 3
Thanked 0 Times in 0 Posts
 
Default

I have:
Code:
LoadModule ruid2_module modules/mod_ruid2.so

<IfModule mod_ruid2.c>
    RMode config
    RDefaultUidGid apache apache
    RUidGid apache apache
    RGroups apache
</IfModule>
other standard lines are commented.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +2. The time now is 02:50.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.