11.38.2, Apache 2.4.6, PHP 5.4.17, mod_ruid2 and shared SSL/SNI certificates

movielad

Well-Known Member
May 14, 2003
109
2
168
cPanel Access Level
Root Administrator
Twitter
Hello,

Is it still the case that sites hanging off a single IP with shared certificates in SNI configuration, with mod_ruid2 enabled, will see Apache requests come from nobody? Does PHP still run as user:user in this instance?

Regards,

Martyn
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,205
363
Hello :)

The following document should be helpful to you:

Mod_Ruid2

Mod_ruid2 allows requests to a domain to run as the owner of that domain instead of as the Apache user. You mentioned there was a previous case where this did not happen on websites using a shared certificate with SNI. Could you let us know the thread, or ticket number where this was referenced in the past? PHP requests are run as the user.

Thank you.
 

movielad

Well-Known Member
May 14, 2003
109
2
168
cPanel Access Level
Root Administrator
Twitter
The cPanel documentation I was looking at seems to have mysteriously vanished. Probably just me - however, things do appear to be working as described in the current Mod_Ruid2 documentation on cpanel.net - and indeed, I've tested this by creating make.php in the root directory of a site with shared SSL certificate/SNI-enabled host:

Code:
<?php
mkdir('ruidtest');
file_put_contents('ruidtest/test.txt', 'Hello!'); 
?>
(sourced from Mod ruid2 - Webhosting, BTW)

Comparing the user and group names, alongside the permissions, all is working just fine (the directory and file is created and all inherit the correct username and groupname of the cPanel account) when that script is viewed through SSL or standard HTTP request.

I think the main issue I was having is that since httpd still primarily runs as 'nobody', and the PHP scripts I'm running are executed far too quickly to see from a process list POV.

Martyn
 

quizknows

Well-Known Member
Oct 20, 2009
1,008
87
78
cPanel Access Level
DataCenter Provider
You could always add a sleep command at the beginning of the PHP process if you want to see it in a process list (ps).

<?php
// sleep for 10 seconds
sleep(10);
mkdir('ruidtest');
file_put_contents('ruidtest/test.txt', 'Hello!');
?>