[HOWTO] mod_ruid2
Posted by adminSep 3
Hello everyone,
Since there are alot of people asking for it, here is my HowTo about mod_ruid2
This is based on my CentOS server with Apache 2.x.
Installing this module its no longer needed to chmod config files to 666 or upload/attachments directories to 777. Since with this module enabled everything @ HTTP will run under the user itself and not ‘apache’ anymore.
** If you are using mod_ruid instead of mod_ruid2, first of all remove the mod_ruid line from ‘/etc/httpd/conf/httpd.conf‘
First, we are going to install libcap-devel
yum -y install libcap-devel
After this is done we are going to download and install mod_ruid2
wget http://dave.t0xic.nl/tars/mod_ruid2-0.9.tar.bz2
tar xjf mod_ruid2-0.9.tar.bz2
cd mod_ruid2-0.9
apxs -a -i -l cap -c mod_ruid2.c
Now, if you didn’t get any errors mod_ruid2 should be installed and added to the ‘/etc/httpd/conf/httpd.conf‘.
Lets confirm mod_ruid2 is added
grep 'mod_ruid2' /etc/httpd/conf/httpd.conf
If you get any response like below its installed
LoadModule ruid2_module /usr/lib/apache/mod_ruid2.so
Now we need to modify the DA httpd.conf templates a little bit to enable mod_ruid2 for the users
Now copy the template files to custom
cd /usr/local/directadmin/data/templates/
cp virtual_host2* custom/
chown -R diradmin:diradmin custom/
Now you have copied the original templates to the ‘custom’ directory, so they won’t be overwritten.
Now follow the steps below for each virtual_host2 file you’ve copied
nano -w virtual_host2.conf
## replace line: SuexecUserGroup |USER| |GROUP|
## replace with: #SuexecUserGroup |USER| |GROUP|
## Add the lines below under the just replaced line
RMode config
RUidGid |USER| |GROUP|
RGroups apache
Save the files and lets rewrite the HTTPd config files
echo "action=rewrite&value=httpd" >> /usr/local/directadmin/data/task.queue
If you want you can start the rewrite of the HTTPd config files manually, just paste the line below and wait when its done
/usr/local/directadmin/dataskq d800
After the rewrite is complete you can restart HTTPd with the command below
/etc/init.d/httpd restart
Now mod_ruid2 should be installed and you don’t need to chmod anymore like ‘chmod 666 config.php’ or ‘chmod 777 uploads’.
To be sure the webmail clients etc still works we need to change the owner permissions
chown -R webapps:webapps /var/www/html
** Questions with Answers **
——————————————————-
Q: How can I test this is working?
A: Easy, install some CMS that you are used before. Like WordPress, Joomla that required (before!!) chmod 666 or 777 to get install/working.
Q: I’ve dirs/files owned by apache for some users, must I change this?
A: Yes, you need to give the dirs/files owner of the user itself, not apache anymore. Check below
Thanks for snk for the commands below, to fix the owner permissions of the dirs/files
cd /usr/local/directadmin/scripts && ./set_permissions.sh user_homes
find /home/*/domains/*/public_html -type d -print0 | xargs -0 chmod 711
find /home/*/domains/*/public_html -type f -print0 | xargs -0 chmod 644
cd /usr/local/directadmin/data/users && for i in `ls`; do { chown -R $i:$i /home/$i/domains/*/public_html;}; done;
* Added ‘&&’ so if they do a typo, it won’t change anything.
You are missing a question, or you have a question, please let me know and I’ll try to answer them for you!
No comments
You must be logged in to post a comment.