Mod_ruid and ISPConfig 3

Discussion in 'Tips/Tricks/Mods' started by tio289, Sep 16, 2010.

  1. tio289

    tio289 Member

    How to install and configure apache mod_ruid on ISPConfig3 machine



    What is mod_ruid?

    mod_ruid is suexec module for apache 2.0, based on mod_suid2, which change apache process UID. It has better performance than mod_suid2 because it doesn`t need to kill httpd children after one request. It makes use of kernel capabilites and after receiving a new request suids again. It is faster that fcgi+suexec or suphp.



    Lets go ahead

    We need compile mod_ruid package. For it we need install two packages libcap-dev and apache2-prefork-dev



    Code:
    aptitude install libcap-dev apache2-prefork-dev


    After installing download mod_ruid from this page http://websupport.sk/~stanojr/projects/mod_ruid/


    Code:
    cd /tmp
    
    wget http://websupport.sk/~stanojr/projects/mod_ruid/mod_ruid-0.6.tar.gz
    
    tar -xzvf mod_ruid-0.6.tar.gz
    

    and compile...


    Code:
    apxs2 -a -i -l cap -c /tmp/mod_ruid-0.6/mod_ruid.c
    
     
    
    bash -c 'echo "LoadModule ruid_module /usr/lib/apache2/modules/mod_ruid.so" > /etc/apache2/mods-available/ruid.load'
    
     
    
    bash -c 'echo -e "RMode stat\nRMinUidGid #100 #100\nRDefaultUidGid www-data www-data" > /etc/apache2/mods-available/ruid.conf'
    
     
    
    a2enmod ruid
    
    /etc/init.d/apache2 restart
    

    Configure ispconfig vhost

    Open vhost.master.conf file

    Code:
    nano /usr/local/ispconfig/server/conf/vhost.conf.master
    and after this


    Code:
    # add support for apache mpm_itk
    
    <IfModule mpm_itk_module>
    
     AssignUserId <tmpl_var name='system_user'> <tmpl_var name='system_group'>
    
    </IfModule>
     
    insert this to each vhost (non-ssl and ssl)


    Code:
    # add support for apache mod_ruid
    
    <IfModule mod_ruid>
    
       RMode      config
    
       RUidGid    <tmpl_var name='system_user'> <tmpl_var name='system_group'>
    
    </IfModule>
    

    Thats all, you need recreate vhost files by ispconfig - simple open each website, disable suexec and set PHP to mod_php and save it.
    (If you use mod_ruid, them you cant use suphp on any vhost)

    Google docs:
    https://docs.google.com/document/pub?id=1sZzWsF8fKYbyS54fgFo8TSXDK61XcN5G9qzr6CmZN7k
     
    Last edited: Jan 21, 2011
  2. till

    till Super Moderator

    One small addition, instead of editing the file /usr/local/ispconfig/server/conf/vhost.conf.master, copy it to /usr/local/ispconfig/server/conf-custom/vhost.conf.master and then edit the file in the conf-custom directory. This ensures that the changed vhost file does not get overwritten on ispconfig updates.
     
  3. Grey

    Grey New Member

    Question: How does mod_ruid compare to the apache2 ITK worker module? apache2_mpm_itk does user switching a similar way, doesn't it, so how do both compare? Speed? Better memory efficiency?

    Would be interesting to know!
     
  4. tio289

    tio289 Member

    hi, mod_ruid and mpm-itk are probably very similar. mpm-itk is experimendal mod, and I have problem with getting work it. mod_ruid are developed by best webhosting company in slovakia and they use it on production servers.
     
  5. Grey

    Grey New Member

    IMHO MPM-ITK is an apache multi process module in difference to mod_ruid, which is a module running under the normal prefork or worker mpm.

    I can't speak for the unclear "experimental" status, but it has been pretty solid for years now (for us) and I like the ability to set the process ID as soon as possible, which is in my understanding by setting it in the MPM module rather than wait for an apache module to take care of it.

    I don't know what your problems with ITK are, but mine worked out of the box (debian and ubuntu) without much hassle.
     
  6. emanation

    emanation New Member

    After all changes regarding instruction above I've got Forbidden page at all sites on server including IPSConfig panel itself.
    I have CentOS6 and I've installed mod_ruid2 from atomic repository.
    After that, mod_ruid2 appears as working module at apache configuration.
    It seems to me that here is permission issue. But I do chown and chmod and no luck still.
    Please, suggest.
     
  7. tio289

    tio289 Member

    Hi, do you configure globals in /etc/apache2/mods-available/ruid.conf resp. on centos /etc/httpd/conf.d/ruid2.conf ?

    this is mine

    Code:
    Rmode           stat
    RMinUidGid      #100 #100
    RDefaultUidGid  www-data www-data
    
     
    Last edited: Sep 19, 2011
  8. emanation

    emanation New Member

    I have:
    Code:
    LoadModule ruid2_module modules/mod_ruid2.so
    
    <IfModule mod_ruid2.c>
        RMode config
        RDefaultUidGid apache apache
        RUidGid apache apache
        RGroups apache
    </IfModule>
    other standard lines are commented.
     

Share This Page