Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Best profile setting

Discussion in 'Security' started by dilstar, Jul 27, 2015.

  1. dilstar

    dilstar Member

    Joined:
    Nov 20, 2013
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I am building new server, but i would like to have compeltly worrry free from symlink, i am not gonna take cloudlinux as i am on openvz.

    tell me should i go with modruid or i can go simply normal build, but if i will normally build without mod ruid, i will not no any issue as i have good experiance in normal build of easyapache but trying to think about mod ruid because of symlink protection.

    let me know what will be the best.
    if cpanel have fixed the symlinking attack issue in new cpanel version then i will install the normal web server profile .

    suggest me as it will be web host server.
    thanks
     
    #1 dilstar, Jul 27, 2015
  2. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    1,011
    Likes Received:
    89
    Trophy Points:
    78
    cPanel Access Level:
    DataCenter Provider
    For most people, if you do not want to use RUID2, the "symlink race condition protection" option in EasyApache provides enough protection. You have to use a PHP handler like SuPHP or FCGI though so that file uploads are owned by the website user and not the "nobody" apache user.
     
    #2 quizknows, Jul 27, 2015
  3. dilstar

    dilstar Member

    Joined:
    Nov 20, 2013
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    why should i not use RUID2 for web host production ? whats bad in it?

    thanks
     
    #3 dilstar, Jul 27, 2015
  4. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    1,011
    Likes Received:
    89
    Trophy Points:
    78
    cPanel Access Level:
    DataCenter Provider
    I am not saying that you should not use it; if you can make it work then it offers good security. You should carefully review the documentation:

    https://documentation.cpanel.net/display/EA/Apache+Module:+ModRuid2

    If you cannot use RUID2 then I am saying that the "symlink race condition protection" offers enough protection for most people to stop cross-account compromises.
     
    #4 quizknows, Jul 27, 2015
  5. cPanelMichael

    cPanelMichael Administrator Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,751
    Likes Received:
    1,995
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello :)

    As mentioned, you can find the document on Mod_Ruid2 at:

    Apache Module - Mod_Ruid2

    This document explains the compatibility issues you may face when enabling Mod_Ruid2.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #5 cPanelMichael, Jul 28, 2015
(You must log in or sign up to post here.)
Loading...
Similar Threads - Best profile setting
  1. inteldigital

    Best server side caching on Centos 7/Cloudlinux?

    inteldigital, Nov 13, 2018, in forum: Workarounds and Optimization
    Replies:
    4
    Views:
    344
    cPanelMichael
    Nov 15, 2018
  2. DennisMidjord

    SOLVED Best approach to resellers?

    DennisMidjord, Oct 26, 2018, in forum: General Discussion
    Replies:
    10
    Views:
    165
    cPanelMichael
    Oct 26, 2018
  3. Host4life

    Best way to set up Nameservers, and Shared IP?

    Host4life, Oct 10, 2018, in forum: Bind/DNS/Nameserver
    Replies:
    1
    Views:
    212
    cPanelLauren
    Oct 16, 2018
  4. cacabrera

    cPanel best partition

    cacabrera, Aug 13, 2018, in forum: General Discussion
    Replies:
    6
    Views:
    272
    sysnishit
    Aug 21, 2018
  5. Shood

    Best way to avoid delay receive/send emails

    Shood, Jun 20, 2018, in forum: E-mail Discussion
    Replies:
    12
    Views:
    579
    Shood
    Jun 25, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice