How to install and configure apache mod_ruid on ISPConfig3 machine What is mod_ruid? mod_ruid is suexec module for apache 2.0, based on mod_suid2, which change apache process UID. It has better performance than mod_suid2 because it doesn`t need to kill httpd children after one request. It makes use of kernel capabilites and after receiving a new request suids again. It is faster that fcgi+suexec or suphp. Lets go ahead We need compile mod_ruid package. For it we need install two packages libcap-dev and apache2-prefork-dev Code: aptitude install libcap-dev apache2-prefork-dev After installing download mod_ruid from this page http://websupport.sk/~stanojr/projects/mod_ruid/ Code: cd /tmp wget http://websupport.sk/~stanojr/projects/mod_ruid/mod_ruid-0.6.tar.gz tar -xzvf mod_ruid-0.6.tar.gz and compile... Code: apxs2 -a -i -l cap -c /tmp/mod_ruid-0.6/mod_ruid.c bash -c 'echo "LoadModule ruid_module /usr/lib/apache2/modules/mod_ruid.so" > /etc/apache2/mods-available/ruid.load' bash -c 'echo -e "RMode stat\nRMinUidGid #100 #100\nRDefaultUidGid www-data www-data" > /etc/apache2/mods-available/ruid.conf' a2enmod ruid /etc/init.d/apache2 restart Configure ispconfig vhost Open vhost.master.conf file Code: nano /usr/local/ispconfig/server/conf/vhost.conf.master and after this Code: # add support for apache mpm_itk <IfModule mpm_itk_module> AssignUserId <tmpl_var name='system_user'> <tmpl_var name='system_group'> </IfModule> insert this to each vhost (non-ssl and ssl) Code: # add support for apache mod_ruid <IfModule mod_ruid> RMode config RUidGid <tmpl_var name='system_user'> <tmpl_var name='system_group'> </IfModule> Thats all, you need recreate vhost files by ispconfig - simple open each website, disable suexec and set PHP to mod_php and save it. (If you use mod_ruid, them you cant use suphp on any vhost) Google docs: https://docs.google.com/document/pub?id=1sZzWsF8fKYbyS54fgFo8TSXDK61XcN5G9qzr6CmZN7k
One small addition, instead of editing the file /usr/local/ispconfig/server/conf/vhost.conf.master, copy it to /usr/local/ispconfig/server/conf-custom/vhost.conf.master and then edit the file in the conf-custom directory. This ensures that the changed vhost file does not get overwritten on ispconfig updates.
Question: How does mod_ruid compare to the apache2 ITK worker module? apache2_mpm_itk does user switching a similar way, doesn't it, so how do both compare? Speed? Better memory efficiency? Would be interesting to know!
hi, mod_ruid and mpm-itk are probably very similar. mpm-itk is experimendal mod, and I have problem with getting work it. mod_ruid are developed by best webhosting company in slovakia and they use it on production servers.
IMHO MPM-ITK is an apache multi process module in difference to mod_ruid, which is a module running under the normal prefork or worker mpm. I can't speak for the unclear "experimental" status, but it has been pretty solid for years now (for us) and I like the ability to set the process ID as soon as possible, which is in my understanding by setting it in the MPM module rather than wait for an apache module to take care of it. I don't know what your problems with ITK are, but mine worked out of the box (debian and ubuntu) without much hassle.
After all changes regarding instruction above I've got Forbidden page at all sites on server including IPSConfig panel itself. I have CentOS6 and I've installed mod_ruid2 from atomic repository. After that, mod_ruid2 appears as working module at apache configuration. It seems to me that here is permission issue. But I do chown and chmod and no luck still. Please, suggest.
Hi, do you configure globals in /etc/apache2/mods-available/ruid.conf resp. on centos /etc/httpd/conf.d/ruid2.conf ? this is mine Code: Rmode stat RMinUidGid #100 #100 RDefaultUidGid www-data www-data
I have: Code: LoadModule ruid2_module modules/mod_ruid2.so <IfModule mod_ruid2.c> RMode config RDefaultUidGid apache apache RUidGid apache apache RGroups apache </IfModule> other standard lines are commented.
