Mod_ruid and ISPConfig 3

Discussion in 'Tips/Tricks/Mods' started by tio289, Sep 16, 2010.

  1. tio289

    tio289 Member

    How to install and configure apache mod_ruid on ISPConfig3 machine

    What is mod_ruid?

    mod_ruid is suexec module for apache 2.0, based on mod_suid2, which change apache process UID. It has better performance than mod_suid2 because it doesn`t need to kill httpd children after one request. It makes use of kernel capabilites and after receiving a new request suids again. It is faster that fcgi+suexec or suphp.

    Lets go ahead

    We need compile mod_ruid package. For it we need install two packages libcap-dev and apache2-prefork-dev

    aptitude install libcap-dev apache2-prefork-dev

    After installing download mod_ruid from this page

    cd /tmp
    tar -xzvf mod_ruid-0.6.tar.gz

    and compile...

    apxs2 -a -i -l cap -c /tmp/mod_ruid-0.6/mod_ruid.c
    bash -c 'echo "LoadModule ruid_module /usr/lib/apache2/modules/" > /etc/apache2/mods-available/ruid.load'
    bash -c 'echo -e "RMode stat\nRMinUidGid #100 #100\nRDefaultUidGid www-data www-data" > /etc/apache2/mods-available/ruid.conf'
    a2enmod ruid
    /etc/init.d/apache2 restart

    Configure ispconfig vhost

    Open vhost.master.conf file

    nano /usr/local/ispconfig/server/conf/vhost.conf.master
    and after this

    # add support for apache mpm_itk
    <IfModule mpm_itk_module>
     AssignUserId <tmpl_var name='system_user'> <tmpl_var name='system_group'>
    insert this to each vhost (non-ssl and ssl)

    # add support for apache mod_ruid
    <IfModule mod_ruid>
       RMode      config
       RUidGid    <tmpl_var name='system_user'> <tmpl_var name='system_group'>

    Thats all, you need recreate vhost files by ispconfig - simple open each website, disable suexec and set PHP to mod_php and save it.
    (If you use mod_ruid, them you cant use suphp on any vhost)

    Google docs:
    Last edited: Jan 21, 2011
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    One small addition, instead of editing the file /usr/local/ispconfig/server/conf/vhost.conf.master, copy it to /usr/local/ispconfig/server/conf-custom/vhost.conf.master and then edit the file in the conf-custom directory. This ensures that the changed vhost file does not get overwritten on ispconfig updates.
  3. JeGr

    JeGr Member

    Question: How does mod_ruid compare to the apache2 ITK worker module? apache2_mpm_itk does user switching a similar way, doesn't it, so how do both compare? Speed? Better memory efficiency?

    Would be interesting to know!
  4. tio289

    tio289 Member

    hi, mod_ruid and mpm-itk are probably very similar. mpm-itk is experimendal mod, and I have problem with getting work it. mod_ruid are developed by best webhosting company in slovakia and they use it on production servers.
  5. JeGr

    JeGr Member

    IMHO MPM-ITK is an apache multi process module in difference to mod_ruid, which is a module running under the normal prefork or worker mpm.

    I can't speak for the unclear "experimental" status, but it has been pretty solid for years now (for us) and I like the ability to set the process ID as soon as possible, which is in my understanding by setting it in the MPM module rather than wait for an apache module to take care of it.

    I don't know what your problems with ITK are, but mine worked out of the box (debian and ubuntu) without much hassle.
  6. emanation

    emanation New Member

    After all changes regarding instruction above I've got Forbidden page at all sites on server including IPSConfig panel itself.
    I have CentOS6 and I've installed mod_ruid2 from atomic repository.
    After that, mod_ruid2 appears as working module at apache configuration.
    It seems to me that here is permission issue. But I do chown and chmod and no luck still.
    Please, suggest.
  7. tio289

    tio289 Member

    Hi, do you configure globals in /etc/apache2/mods-available/ruid.conf resp. on centos /etc/httpd/conf.d/ruid2.conf ?

    this is mine

    Rmode           stat
    RMinUidGid      #100 #100
    RDefaultUidGid  www-data www-data
    Last edited: Sep 19, 2011
  8. emanation

    emanation New Member

    I have:
    LoadModule ruid2_module modules/
    <IfModule mod_ruid2.c>
        RMode config
        RDefaultUidGid apache apache
        RUidGid apache apache
        RGroups apache
    other standard lines are commented.

Share This Page