The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How to install mod_ruid2 on cpanel server?

Discussion in 'General Discussion' started by ikillbill, Aug 25, 2011.

  1. ikillbill

    ikillbill Well-Known Member

    Joined:
    Feb 18, 2008
    Messages:
    119
    Likes Received:
    0
    Trophy Points:
    16
    Hi

    I have found that mod_ruid2 seems our best solution to have both performance +security at the same, could anyone share how to install it on cpanel without issues?

    If in the future when we recompile apache from easyaapche, shall we also install mod_ruid2 manually again?

    thanks!
     
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    This module is installed like any other Apache module that can be dynamically installed. Such as how I've explained on two recent threads for other Apache modules:

    http://forums.cpanel.net/f5/mod_auth_external-227902.html
    http://forums.cpanel.net/f185/how-set-mod_sed-cpanel-227452.html

    The only difference for this module is that libcap-devel is required and has to be installed via yum first if you don't already have it:

    Code:
    yum -y install libcap-devel
    The rest is just like those other threads but using the requisite module name and location:

    Code:
    cd /root
    wget http://downloads.sourceforge.net/project/mod-ruid/mod_ruid2/mod_ruid2-0.9.4.tar.bz2
    tar xvfj mod_ruid2-0.9.4.tar.bz2
    cd mod_ruid2-0.9.4
    apxs -a -i -l cap -c mod_ruid2.c
    After doing the above, it will then put a "LoadModule" into /usr/local/apache/conf/httpd.conf file:

    Code:
    LoadModule ruid2_module modules/mod_ruid2.so
    The module can cause conflicts during EasyApache build, so I would suggest moving it and distilling the include. First, remove the "LoadModule" line mentioned above from /usr/local/apache/conf/httpd.conf, then run these commands:

    Code:
    echo "LoadModule ruid2_module modules/mod_ruid2.so" >> /usr/local/apache/conf/includes/pre_main_global.conf
    cp /usr/local/apache/conf/httpd/conf /usr/local/apache/conf/httpd.conf.bak110826
    /usr/local/cpanel/bin/apache_conf_distiller --update
    /scripts/rebuildhttpdconf
    /etc/init.d/httpd restart
    Now, copy the mod_ruid2.so file to /root to save a copy of it, since future /scripts/easyapache recompiles will move the file out of /usr/local/apache/modules folder:

    Code:
    cp /usr/local/apache/modules/mod_ruid2.so /root
    Now, before you run /scripts/easyapache in the future, create these files:

    Code:
    vi /scripts/preeasyapache
    Place the following content into the file:

    Code:
    #!/bin/bash
    
    sed -i 's/LoadModule ruid2_module/#LoadModule ruid2_module/g' /usr/local/apache/conf/includes/pre_main_global.conf
    Next, create this file:

    Code:
    vi /scripts/posteasyapache
    Place the following content into the file:

    Code:
    #!/bin/bash
    
    cp /root/mod_ruid2.so /usr/local/apache/modules/
    sed -i 's/#LoadModule ruid2_module/LoadModule ruid2_module/g' /usr/local/apache/conf/includes/pre_main_global.conf
    /etc/init.d/httpd restart
    The first script comments out the LoadModule in /usr/local/apache/conf/includes/pre_main_global.conf at the beginning of the Apache build. The second script copies mod_ruid2.so back into /usr/local/apache/modules folder, uncomments the LoadModule, and restarts Apache at the end of the build.

    After saving these files, ensure they can execute:

    Code:
    chmod +x /scripts/preeasyapache
    chmod +x /scripts/posteasyapache
    For this question:

    If you use the steps I've indicated above, you won't have to manually recompile mod_ruid2 again.
     
  3. ikillbill

    ikillbill Well-Known Member

    Joined:
    Feb 18, 2008
    Messages:
    119
    Likes Received:
    0
    Trophy Points:
    16
  4. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Hello ikillbill,

    Are you asking if you need to do it or how to do it? If you want to add directives for the module, you'd have to either put includes for each account or edit the template to include them. As such, yes, you would have to add entries for it to work to use those directives. If you want to know how to do it specifically, please indicate if you want it to be part of the default template or per individual user as includes instead, since the instructions will differ.

    Thanks!
     
  5. ikillbill

    ikillbill Well-Known Member

    Joined:
    Feb 18, 2008
    Messages:
    119
    Likes Received:
    0
    Trophy Points:
    16
    hello,

    rephrasnig..

    1.
    we want after install this mod, when we create cpanel accounts from WHM, "all" accounts will have that mod "enabled" automatically , so we do "have to" to those templates ?


    2.
    on that DA link, it says
    "To be sure the webmail clients etc still works we need to change the owner permissions"

    Do we need to do similar thing for cpanel 's webmail work as usual?

    thanks again indeed
     
  6. ikillbill

    ikillbill Well-Known Member

    Joined:
    Feb 18, 2008
    Messages:
    119
    Likes Received:
    0
    Trophy Points:
    16
    Tristan , could you please check ?

    thanks:)
     
  7. Nick

    Nick Member

    Joined:
    Dec 27, 2001
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    thanks for your article
    just a small comment
    don't forgot to change ruid2.conf before you run apxs
    change last few lines to
    <IfModule mod_ruid2.c>
    RMode config
    RDefaultUidGid nobody nobody
    RUidGid nobody nobody
    RGroups nobody
    </IfModule>
    otherwise your redirections domain.com/whm domain.com/cpanel wont wokr because the user mismatch
     
  8. Nick

    Nick Member

    Joined:
    Dec 27, 2001
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    I meant /usr/local/apache/conf/includes/pre_main_global.conf
    it should be like
    LoadModule ruid2_module modules/mod_ruid2.so
    <IfModule mod_ruid2.c>
    RMode config
    RDefaultUidGid nobody nobody
    RUidGid nobody nobody
    RGroups nobody
    </IfModule>
     
  9. Nick

    Nick Member

    Joined:
    Dec 27, 2001
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    also create the vhost templates vhost.local and ssl_vhost.local
    To create custom template files that affect all virtual hosts:
    Create a copy of one or more of the following files:
    Apache 1 without SSL — /var/cpanel/templates/apache1/vhost.default
    Apache 2 without SSL — /var/cpanel/templates/apache2/vhost.default
    Apache 1 with SSL — /var/cpanel/templates/apache1/ssl_vhost.default
    Apache 2 with SSL — /var/cpanel/templates/apache2/ssl_vhost.default
    Rename the copied file to one of the following:
    vhost.local — use this if you copied vhost.default.
    ssl_vhost.local — use this if you copied ssl_vhost.default.
    Edit the *.local files to make the changes you would like to your virtual host configuration.

    I have added necessary strings after Suexec configuration
    <IfModule !mod_disable_suexec.c>
    SuexecUserGroup [% vhost.user %] [% vhost.group %]
    </IfModule>
    <IfModule mod_ruid2.c>
    RMode config
    RUidGid [% vhost.user %] [% vhost.group %]
    RGroups nobody
    </IfModule>
     
  10. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page