Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Best profile setting

Discussion in 'Security' started by dilstar, Jul 27, 2015.

  1. dilstar

    dilstar Member

    Joined:
    Nov 20, 2013
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I am building new server, but i would like to have compeltly worrry free from symlink, i am not gonna take cloudlinux as i am on openvz.

    tell me should i go with modruid or i can go simply normal build, but if i will normally build without mod ruid, i will not no any issue as i have good experiance in normal build of easyapache but trying to think about mod ruid because of symlink protection.

    let me know what will be the best.
    if cpanel have fixed the symlinking attack issue in new cpanel version then i will install the normal web server profile .

    suggest me as it will be web host server.
    thanks
     
    #1 dilstar, Jul 27, 2015
  2. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    1,010
    Likes Received:
    87
    Trophy Points:
    78
    cPanel Access Level:
    DataCenter Provider
    For most people, if you do not want to use RUID2, the "symlink race condition protection" option in EasyApache provides enough protection. You have to use a PHP handler like SuPHP or FCGI though so that file uploads are owned by the website user and not the "nobody" apache user.
     
    #2 quizknows, Jul 27, 2015
  3. dilstar

    dilstar Member

    Joined:
    Nov 20, 2013
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    why should i not use RUID2 for web host production ? whats bad in it?

    thanks
     
    #3 dilstar, Jul 27, 2015
  4. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    1,010
    Likes Received:
    87
    Trophy Points:
    78
    cPanel Access Level:
    DataCenter Provider
    I am not saying that you should not use it; if you can make it work then it offers good security. You should carefully review the documentation:

    https://documentation.cpanel.net/display/EA/Apache+Module:+ModRuid2

    If you cannot use RUID2 then I am saying that the "symlink race condition protection" offers enough protection for most people to stop cross-account compromises.
     
    #4 quizknows, Jul 27, 2015
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    42,782
    Likes Received:
    1,712
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello :)

    As mentioned, you can find the document on Mod_Ruid2 at:

    Apache Module - Mod_Ruid2

    This document explains the compatibility issues you may face when enabling Mod_Ruid2.

    Thank you.
     
    #5 cPanelMichael, Jul 28, 2015
(You must log in or sign up to post here.)
Loading...
Similar Threads - Best profile setting
  1. speckados

    Best way to change profile of cPanel Mysql

    speckados, Apr 29, 2016, in forum: Database Discussions
    Replies:
    1
    Views:
    797
    cPanelMichael
    May 2, 2016
  2. celiac101

    New Thread Best Storage Engine for MYSQL / Site Speed Improvements

    celiac101, Apr 25, 2018 at 12:34 AM, in forum: Workarounds and Optimization
    Replies:
    1
    Views:
    10
    24x7server
    Apr 25, 2018 at 3:12 AM
  3. spiderlinginc

    Create subdomains best practice?

    spiderlinginc, Jan 19, 2018, in forum: Bind / DNS / Nameserver Issues
    Replies:
    1
    Views:
    259
    cPanelMichael
    Jan 19, 2018
  4. verdon

    Best Practice for Second Server Configuration

    verdon, Sep 21, 2017, in forum: General Discussion
    Replies:
    6
    Views:
    378
    verdon
    Sep 22, 2017
  5. John Richards

    Advice on best config for http/2

    John Richards, Sep 21, 2017, in forum: Workarounds and Optimization
    Replies:
    1
    Views:
    561
    cPanelMichael
    Sep 21, 2017

Share This Page