The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

11.38.2, Apache 2.4.6, PHP 5.4.17, mod_ruid2 and shared SSL/SNI certificates

Discussion in 'Security' started by movielad, Aug 14, 2013.

  1. movielad

    movielad Well-Known Member
    PartnerNOC

    Joined:
    May 14, 2003
    Messages:
    107
    Likes Received:
    2
    Trophy Points:
    18
    cPanel Access Level:
    DataCenter Provider
    Hello,

    Is it still the case that sites hanging off a single IP with shared certificates in SNI configuration, with mod_ruid2 enabled, will see Apache requests come from nobody? Does PHP still run as user:user in this instance?

    Regards,

    Martyn
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    The following document should be helpful to you:

    Mod_Ruid2

    Mod_ruid2 allows requests to a domain to run as the owner of that domain instead of as the Apache user. You mentioned there was a previous case where this did not happen on websites using a shared certificate with SNI. Could you let us know the thread, or ticket number where this was referenced in the past? PHP requests are run as the user.

    Thank you.
     
  3. movielad

    movielad Well-Known Member
    PartnerNOC

    Joined:
    May 14, 2003
    Messages:
    107
    Likes Received:
    2
    Trophy Points:
    18
    cPanel Access Level:
    DataCenter Provider
    The cPanel documentation I was looking at seems to have mysteriously vanished. Probably just me - however, things do appear to be working as described in the current Mod_Ruid2 documentation on cpanel.net - and indeed, I've tested this by creating make.php in the root directory of a site with shared SSL certificate/SNI-enabled host:

    Code:
    <?php
    mkdir('ruidtest');
    file_put_contents('ruidtest/test.txt', 'Hello!'); 
    ?>
    
    (sourced from Mod ruid2 - Webhosting, BTW)

    Comparing the user and group names, alongside the permissions, all is working just fine (the directory and file is created and all inherit the correct username and groupname of the cPanel account) when that script is viewed through SSL or standard HTTP request.

    I think the main issue I was having is that since httpd still primarily runs as 'nobody', and the PHP scripts I'm running are executed far too quickly to see from a process list POV.

    Martyn
     
  4. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    942
    Likes Received:
    57
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    You could always add a sleep command at the beginning of the PHP process if you want to see it in a process list (ps).

    <?php
    // sleep for 10 seconds
    sleep(10);
    mkdir('ruidtest');
    file_put_contents('ruidtest/test.txt', 'Hello!');
    ?>
     
Loading...

Share This Page