Hello everyone,
Since a lot of people have been asking for it, here is my HowTo about mod_ruid2.
This is based on my CentOS server with Apache 2.x.
With this module installed it is no longer necessary to chmod config files to 666 or upload/attachments directories to 777, since with this module enabled everything served over HTTP runs under the user itself and not 'apache' anymore.
** If you are using mod_ruid instead of mod_ruid2, first of all remove the mod_ruid line from '/etc/httpd/conf/httpd.conf'
First, we are going to install libcap-devel
yum -y install libcap-devel
After this is done we are going to download and install mod_ruid2
Now, if you didn't get any errors, mod_ruid2 should be installed and added to '/etc/httpd/conf/httpd.conf'.
Let's confirm mod_ruid2 is added
grep 'mod_ruid2' /etc/httpd/conf/httpd.conf
If you get a response like the one below, it's installed
LoadModule ruid2_module /usr/lib/apache/mod_ruid2.so
Now we need to modify the DA httpd.conf templates a little bit to enable mod_ruid2 for the users
Now copy the template files to custom
cd /usr/local/directadmin/data/templates/
cp virtual_host2* custom/
chown -R diradmin:diradmin custom/
Now you have copied the original templates to the 'custom' directory, so they won't be overwritten.
Code:
cd /usr/local/directadmin/data/templates/custom/
Now follow the steps below for each virtual_host2 file you've copied
nano -w virtual_host2.conf
## Replace this line:
SuexecUserGroup |USER| |GROUP|
## with:
#SuexecUserGroup |USER| |GROUP|
## Add the lines below under the line you just replaced
RMode config
RUidGid |USER| |GROUP|
RGroups apache
Save the files and let's rewrite the HTTPd config files
echo "action=rewrite&value=httpd" >> /usr/local/directadmin/data/task.queue
If you want, you can start the rewrite of the HTTPd config files manually: just paste the line below and wait until it's done
/usr/local/directadmin/dataskq d800
After the rewrite is complete you can restart HTTPd with the command below
/etc/init.d/httpd restart
Now mod_ruid2 should be installed and you don't need to chmod anymore like 'chmod 666 config.php' or 'chmod 777 uploads'.
To be sure the webmail clients etc. still work, we need to change the owner permissions
chown -R webapps:webapps /var/www/html
Edit by NoBaloney; see posts 324 and 325, page 17 of this thread:
And last you need to modify httpd-directories.conf
Code:
nano -w /etc/httpd/conf/extra/httpd-directories.conf
Add the RUidGid line below between the opening <Directory> and closing </Directory> tags
Code:
Options -Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
suPHP_Engine On
suPHP_UserGroup webapps webapps
SetEnv PHP_INI_SCAN_DIR
RUidGid webapps webapps
* Thanks to Arieh for this change.
End edit by NoBaloney
** Questions with Answers **
-------------------------------------------------------
Q: How can I test this is working?
A: Easy: install a CMS that you have used before, such as WordPress or Joomla, that required (before!!) chmod 666 or 777 to install or work.
Q: I have dirs/files owned by apache for some users, must I change this?
A: Yes, you need to make the user itself the owner of the dirs/files, not apache anymore. See below.
Thanks to snk for the commands below, which fix the owner permissions of the dirs/files
cd /usr/local/directadmin/scripts && ./set_permissions.sh user_homes
find /home/*/domains/*/public_html -type d -print0 | xargs -0 chmod 711
find /home/*/domains/*/public_html -type f -print0 | xargs -0 chmod 644
find /home/*/domains/*/public_html -type f -name '*.cgi*' -exec chmod 755 {} \;
find /home/*/domains/*/public_html -type f -name '*.pl*' -exec chmod 755 {} \;
find /home/*/domains/*/public_html -type f -name '*.pm*' -exec chmod 755 {} \;
cd /usr/local/directadmin/data/users && for i in `ls`; do { chown -R $i:$i /home/$i/domains/*/public_html;}; done;
* Added '&&' so if they do a typo, it won't change anything.
Q: Installing/Updating HTTPd to 2.4.x? Then you need to update mod_ruid2 as well; the workaround is
A:
Code:
wget -O mod_ruid2-0.9.4.tar.bz2 "http://downloads.sourceforge.net/project/mod-ruid/mod_ruid2/mod_ruid2-0.9.4.tar.bz2?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fmod-ruid%2Ffiles%2Fmod_ruid2%2F&ts=1330166943&use_mirror=kent"
tar xjf mod_ruid2-0.9.4.tar.bz2
cd mod_ruid2-0.9.4
perl -pi -e 's/unixd_config/ap_unixd_config/' mod_ruid2.c
perl -pi -e 's/#include "mpm_common.h"/#include "mpm_common.h"\n#include "unixd.h"/' mod_ruid2.c
apxs -a -i -l cap -c mod_ruid2.c
Thanks to smtalk!
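A post-migration check for the setup described above, added here as an example that is not part of the original post: it lists anything under a user's public_html that is still world-writable (leftover chmod 666/777) or not owned by that user. The function names are hypothetical; the paths are the ones used in the post.

```shell
#!/bin/sh
# Added example: audit docroots after switching to mod_ruid2.

# world_writable ROOT: print files/dirs under ROOT with the "other write" bit
# set (leftovers of chmod 666 / chmod 777). Symlinks are skipped because their
# own mode bits are not meaningful.
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# wrong_owner ROOT USER: print paths under ROOT not owned by USER, e.g. files
# created as 'apache' before mod_ruid2 was enabled.
wrong_owner() {
    find "$1" ! -user "$2" -print
}

# audit_docroot ROOT USER: report both problems; returns non-zero on findings.
# The body runs in a subshell so its variables stay local.
audit_docroot() (
    ww=$(world_writable "$1")
    wo=$(wrong_owner "$1" "$2")
    [ -z "$ww" ] || printf '%s\n' "$ww" | sed 's|^|world-writable: |'
    [ -z "$wo" ] || printf '%s\n' "$wo" | sed "s|^|not owned by $2: |"
    [ -z "$ww$wo" ]
)

# audit_all_users: walk the DirectAdmin user list and each user's docroots,
# using the same paths as the chown loop in the post.
audit_all_users() {
    rc=0
    for dir in /usr/local/directadmin/data/users/*/; do
        user=$(basename "$dir")
        for root in /home/"$user"/domains/*/public_html; do
            [ -d "$root" ] || continue
            audit_docroot "$root" "$user" || rc=1
        done
    done
    return $rc
}

# Run the full audit only when asked: sh audit.sh --all
if [ "${1:-}" = "--all" ]; then
    audit_all_users
fi
```

Run it as root with `--all` after the permission fix-up commands; an empty report and exit status 0 mean no leftovers were found.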