Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Best profile setting

Discussion in 'Security' started by dilstar, Jul 27, 2015.

  1. dilstar

    dilstar Member

    Joined:
    Nov 20, 2013
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I am building new server, but i would like to have compeltly worrry free from symlink, i am not gonna take cloudlinux as i am on openvz.

    tell me should i go with modruid or i can go simply normal build, but if i will normally build without mod ruid, i will not no any issue as i have good experiance in normal build of easyapache but trying to think about mod ruid because of symlink protection.

    let me know what will be the best.
    if cpanel have fixed the symlinking attack issue in new cpanel version then i will install the normal web server profile .

    suggest me as it will be web host server.
    thanks
     
    #1 dilstar, Jul 27, 2015
  2. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    1,010
    Likes Received:
    87
    Trophy Points:
    78
    cPanel Access Level:
    DataCenter Provider
    For most people, if you do not want to use RUID2, the "symlink race condition protection" option in EasyApache provides enough protection. You have to use a PHP handler like SuPHP or FCGI though so that file uploads are owned by the website user and not the "nobody" apache user.
     
    #2 quizknows, Jul 27, 2015
  3. dilstar

    dilstar Member

    Joined:
    Nov 20, 2013
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    why should i not use RUID2 for web host production ? whats bad in it?

    thanks
     
    #3 dilstar, Jul 27, 2015
  4. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    1,010
    Likes Received:
    87
    Trophy Points:
    78
    cPanel Access Level:
    DataCenter Provider
    I am not saying that you should not use it; if you can make it work then it offers good security. You should carefully review the documentation:

    https://documentation.cpanel.net/display/EA/Apache+Module:+ModRuid2

    If you cannot use RUID2 then I am saying that the "symlink race condition protection" offers enough protection for most people to stop cross-account compromises.
     
    #4 quizknows, Jul 27, 2015
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,699
    Likes Received:
    1,790
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello :)

    As mentioned, you can find the document on Mod_Ruid2 at:

    Apache Module - Mod_Ruid2

    This document explains the compatibility issues you may face when enabling Mod_Ruid2.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #5 cPanelMichael, Jul 28, 2015
(You must log in or sign up to post here.)
Loading...
Similar Threads - Best profile setting
  1. Shood

    Best way to avoid delay receive/send emails

    Shood, Jun 20, 2018 at 6:26 PM, in forum: E-mail Discussion
    Replies:
    8
    Views:
    49
    cPanelMichael
    Jun 21, 2018 at 10:36 AM
  2. CloudNexus

    Best practices for plugin user settings

    CloudNexus, May 18, 2018, in forum: cPanel Developers
    Replies:
    5
    Views:
    105
    cPanelLauren
    Jun 19, 2018 at 7:38 AM
  3. Razva

    Best Apache + PHP configuration for a fresh server?

    Razva, Apr 30, 2018, in forum: EasyApache
    Replies:
    6
    Views:
    213
    vlee
    May 4, 2018
  4. lunaimage

    Best way to manage a group email?

    lunaimage, Apr 25, 2018, in forum: E-mail Discussion
    Replies:
    1
    Views:
    75
    cPanelLauren
    Apr 26, 2018
  5. celiac101

    Best Storage Engine for MYSQL / Site Speed Improvements

    celiac101, Apr 25, 2018, in forum: Workarounds and Optimization
    Replies:
    7
    Views:
    257
    celiac101
    May 9, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice