I thought I'd pass along my experience implementing symlink race condition protection because it might help someone else.
I'm running CentOs 6.8 on a Virtuozzo VPS with WHM 58 build 24 with EasyApache4. I was using the Event MPM with suPHP and was very happy with it, but after reading the options for symlink protection, I decided to switch back to Prefork MPM, uninstall suPHP, and install mod_ruid2, then enable Jail Apache Hosts in Tweak Settings.
Running EasyApache4 to deselect Event MPM, select Prefork MPM, and add mod_ruid2 went flawlessly. However, when I checked the box in Tweak Settings -> Security to enable "Jail Apache Virtual Hosts using mod_ruid2 and cPanel® jailshell", I got a customer call before I even got a chance to start testing.
Many of the sites, but not all, were returning 404 errors instead of displaying the site. I had already restarted Apache, but that didn't make any difference.
I saw an old post regarding internal case# 72109, which said, "When the mod_ruid2 + jailed virtualhosts option is enabled, virtfs directories don't get created as needed... The only known workaround at this point is to log into each users' shell account to ensure that the virtfs mount points get created before enabling jailed vhosts..."
It turned out that logging in to only one of the affected accounts' shells resolved the problem for all the affected accounts, and it seems like everything is working just fine now.
If you're going to try out mod_ruid2 like I did, before you enable Jail Apache Virtual Hosts, it would be a good idea to log in to at lease one users' shell account before doing so.
I'm running CentOs 6.8 on a Virtuozzo VPS with WHM 58 build 24 with EasyApache4. I was using the Event MPM with suPHP and was very happy with it, but after reading the options for symlink protection, I decided to switch back to Prefork MPM, uninstall suPHP, and install mod_ruid2, then enable Jail Apache Hosts in Tweak Settings.
Running EasyApache4 to deselect Event MPM, select Prefork MPM, and add mod_ruid2 went flawlessly. However, when I checked the box in Tweak Settings -> Security to enable "Jail Apache Virtual Hosts using mod_ruid2 and cPanel® jailshell", I got a customer call before I even got a chance to start testing.
Many of the sites, but not all, were returning 404 errors instead of displaying the site. I had already restarted Apache, but that didn't make any difference.
I saw an old post regarding internal case# 72109, which said, "When the mod_ruid2 + jailed virtualhosts option is enabled, virtfs directories don't get created as needed... The only known workaround at this point is to log into each users' shell account to ensure that the virtfs mount points get created before enabling jailed vhosts..."
It turned out that logging in to only one of the affected accounts' shells resolved the problem for all the affected accounts, and it seems like everything is working just fine now.
If you're going to try out mod_ruid2 like I did, before you enable Jail Apache Virtual Hosts, it would be a good idea to log in to at lease one users' shell account before doing so.