The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Best profile setting

Discussion in 'Security' started by dilstar, Jul 27, 2015.

  1. dilstar

    dilstar Member

    Joined:
    Nov 20, 2013
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I am building new server, but i would like to have compeltly worrry free from symlink, i am not gonna take cloudlinux as i am on openvz.

    tell me should i go with modruid or i can go simply normal build, but if i will normally build without mod ruid, i will not no any issue as i have good experiance in normal build of easyapache but trying to think about mod ruid because of symlink protection.

    let me know what will be the best.
    if cpanel have fixed the symlinking attack issue in new cpanel version then i will install the normal web server profile .

    suggest me as it will be web host server.
    thanks
     
    #1 dilstar, Jul 27, 2015
  2. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    982
    Likes Received:
    75
    Trophy Points:
    78
    cPanel Access Level:
    DataCenter Provider
    For most people, if you do not want to use RUID2, the "symlink race condition protection" option in EasyApache provides enough protection. You have to use a PHP handler like SuPHP or FCGI though so that file uploads are owned by the website user and not the "nobody" apache user.
     
    #2 quizknows, Jul 27, 2015
  3. dilstar

    dilstar Member

    Joined:
    Nov 20, 2013
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    why should i not use RUID2 for web host production ? whats bad in it?

    thanks
     
    #3 dilstar, Jul 27, 2015
  4. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    982
    Likes Received:
    75
    Trophy Points:
    78
    cPanel Access Level:
    DataCenter Provider
    I am not saying that you should not use it; if you can make it work then it offers good security. You should carefully review the documentation:

    https://documentation.cpanel.net/display/EA/Apache+Module:+ModRuid2

    If you cannot use RUID2 then I am saying that the "symlink race condition protection" offers enough protection for most people to stop cross-account compromises.
     
    #4 quizknows, Jul 27, 2015
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    36,995
    Likes Received:
    1,275
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello :)

    As mentioned, you can find the document on Mod_Ruid2 at:

    Apache Module - Mod_Ruid2

    This document explains the compatibility issues you may face when enabling Mod_Ruid2.

    Thank you.
     
    #5 cPanelMichael, Jul 28, 2015
(You must log in or sign up to post here.)
Loading...
Similar Threads - Best profile setting
  1. speckados

    Best way to change profile of cPanel Mysql

    speckados, Apr 29, 2016, in forum: Database Discussions
    Replies:
    1
    Views:
    581
    cPanelMichael
    May 2, 2016
  2. Rajesh Chauhan

    Best configuration for High Realtime Traffic

    Rajesh Chauhan, Jun 13, 2017, in forum: General Discussion
    Replies:
    1
    Views:
    154
    cPanelMichael
    Jun 13, 2017
  3. Keith007

    SOLVED EasyApache 4 best config?

    Keith007, Jun 11, 2017, in forum: EasyApache
    Replies:
    21
    Views:
    645
    intuitivsol
    Jul 12, 2017
  4. toplisek

    Which log reader is the best for cPanel?

    toplisek, May 3, 2017, in forum: General Discussion
    Replies:
    3
    Views:
    172
    AppJetty
    May 9, 2017
  5. webmasteryoda

    SOLVED Best way to transfer very large accounts

    webmasteryoda, Mar 23, 2017, in forum: Data Protection
    Replies:
    7
    Views:
    547
    webmasteryoda
    May 1, 2017

Share This Page