Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

How to install mod_ruid2 on cpanel server?

Discussion in 'General Discussion' started by ikillbill, Aug 25, 2011.

  1. ikillbill

    ikillbill Well-Known Member

    Joined:
    Feb 18, 2008
    Messages:
    119
    Likes Received:
    0
    Trophy Points:
    66
    Hi

    I have found that mod_ruid2 seems our best solution to have both performance +security at the same, could anyone share how to install it on cpanel without issues?

    If in the future when we recompile apache from easyaapche, shall we also install mod_ruid2 manually again?

    thanks!
     
    #1 ikillbill, Aug 25, 2011
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,608
    Likes Received:
    32
    Trophy Points:
    238
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    This module is installed like any other Apache module that can be dynamically installed. Such as how I've explained on two recent threads for other Apache modules:

    http://forums.cpanel.net/f5/mod_auth_external-227902.html
    http://forums.cpanel.net/f185/how-set-mod_sed-cpanel-227452.html

    The only difference for this module is that libcap-devel is required and has to be installed via yum first if you don't already have it:

    Code:
    yum -y install libcap-devel
    The rest is just like those other threads but using the requisite module name and location:

    Code:
    cd /root
wget http://downloads.sourceforge.net/project/mod-ruid/mod_ruid2/mod_ruid2-0.9.4.tar.bz2
tar xvfj mod_ruid2-0.9.4.tar.bz2
cd mod_ruid2-0.9.4
apxs -a -i -l cap -c mod_ruid2.c
    After doing the above, it will then put a "LoadModule" into /usr/local/apache/conf/httpd.conf file:

    Code:
    LoadModule ruid2_module modules/mod_ruid2.so
    The module can cause conflicts during EasyApache build, so I would suggest moving it and distilling the include. First, remove the "LoadModule" line mentioned above from /usr/local/apache/conf/httpd.conf, then run these commands:

    Code:
    echo "LoadModule ruid2_module modules/mod_ruid2.so" >> /usr/local/apache/conf/includes/pre_main_global.conf
cp /usr/local/apache/conf/httpd/conf /usr/local/apache/conf/httpd.conf.bak110826
/usr/local/cpanel/bin/apache_conf_distiller --update
/scripts/rebuildhttpdconf
/etc/init.d/httpd restart
    Now, copy the mod_ruid2.so file to /root to save a copy of it, since future /scripts/easyapache recompiles will move the file out of /usr/local/apache/modules folder:

    Code:
    cp /usr/local/apache/modules/mod_ruid2.so /root
    Now, before you run /scripts/easyapache in the future, create these files:

    Code:
    vi /scripts/preeasyapache
    Place the following content into the file:

    Code:
    #!/bin/bash

sed -i 's/LoadModule ruid2_module/#LoadModule ruid2_module/g' /usr/local/apache/conf/includes/pre_main_global.conf
    Next, create this file:

    Code:
    vi /scripts/posteasyapache
    Place the following content into the file:

    Code:
    #!/bin/bash

cp /root/mod_ruid2.so /usr/local/apache/modules/
sed -i 's/#LoadModule ruid2_module/LoadModule ruid2_module/g' /usr/local/apache/conf/includes/pre_main_global.conf
/etc/init.d/httpd restart
    The first script comments out the LoadModule in /usr/local/apache/conf/includes/pre_main_global.conf at the beginning of the Apache build. The second script copies mod_ruid2.so back into /usr/local/apache/modules folder, uncomments the LoadModule, and restarts Apache at the end of the build.

    After saving these files, ensure they can execute:

    Code:
    chmod +x /scripts/preeasyapache
chmod +x /scripts/posteasyapache
    For this question:

    If you use the steps I've indicated above, you won't have to manually recompile mod_ruid2 again.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 cPanelTristan, Aug 26, 2011
  3. ikillbill

    ikillbill Well-Known Member

    Joined:
    Feb 18, 2008
    Messages:
    119
    Likes Received:
    0
    Trophy Points:
    66
    #3 ikillbill, Aug 27, 2011
  4. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,608
    Likes Received:
    32
    Trophy Points:
    238
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Hello ikillbill,

    Are you asking if you need to do it or how to do it? If you want to add directives for the module, you'd have to either put includes for each account or edit the template to include them. As such, yes, you would have to add entries for it to work to use those directives. If you want to know how to do it specifically, please indicate if you want it to be part of the default template or per individual user as includes instead, since the instructions will differ.

    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #4 cPanelTristan, Aug 28, 2011
  5. ikillbill

    ikillbill Well-Known Member

    Joined:
    Feb 18, 2008
    Messages:
    119
    Likes Received:
    0
    Trophy Points:
    66
    hello,

    rephrasnig..

    1.
    we want after install this mod, when we create cpanel accounts from WHM, "all" accounts will have that mod "enabled" automatically , so we do "have to" to those templates ?


    2.
    on that DA link, it says
    "To be sure the webmail clients etc still works we need to change the owner permissions"

    Do we need to do similar thing for cpanel 's webmail work as usual?

    thanks again indeed
     
    #5 ikillbill, Aug 28, 2011
  6. ikillbill

    ikillbill Well-Known Member

    Joined:
    Feb 18, 2008
    Messages:
    119
    Likes Received:
    0
    Trophy Points:
    66
    Tristan , could you please check ?

    thanks:)
     
    #6 ikillbill, Aug 29, 2011
  7. Nick

    Nick Member

    Joined:
    Dec 27, 2001
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    301
    thanks for your article
    just a small comment
    don't forgot to change ruid2.conf before you run apxs
    change last few lines to
    <IfModule mod_ruid2.c>
    RMode config
    RDefaultUidGid nobody nobody
    RUidGid nobody nobody
    RGroups nobody
    </IfModule>
    otherwise your redirections domain.com/whm domain.com/cpanel wont wokr because the user mismatch
     
    #7 Nick, Nov 11, 2011
  8. Nick

    Nick Member

    Joined:
    Dec 27, 2001
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    301
    I meant /usr/local/apache/conf/includes/pre_main_global.conf
    it should be like
    LoadModule ruid2_module modules/mod_ruid2.so
    <IfModule mod_ruid2.c>
    RMode config
    RDefaultUidGid nobody nobody
    RUidGid nobody nobody
    RGroups nobody
    </IfModule>
     
    #8 Nick, Nov 14, 2011
  9. Nick

    Nick Member

    Joined:
    Dec 27, 2001
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    301
    also create the vhost templates vhost.local and ssl_vhost.local
    To create custom template files that affect all virtual hosts:
    Create a copy of one or more of the following files:
    Apache 1 without SSL — /var/cpanel/templates/apache1/vhost.default
    Apache 2 without SSL — /var/cpanel/templates/apache2/vhost.default
    Apache 1 with SSL — /var/cpanel/templates/apache1/ssl_vhost.default
    Apache 2 with SSL — /var/cpanel/templates/apache2/ssl_vhost.default
    Rename the copied file to one of the following:
    vhost.local — use this if you copied vhost.default.
    ssl_vhost.local — use this if you copied ssl_vhost.default.
    Edit the *.local files to make the changes you would like to your virtual host configuration.

    I have added necessary strings after Suexec configuration
    <IfModule !mod_disable_suexec.c>
    SuexecUserGroup [% vhost.user %] [% vhost.group %]
    </IfModule>
    <IfModule mod_ruid2.c>
    RMode config
    RUidGid [% vhost.user %] [% vhost.group %]
    RGroups nobody
    </IfModule>
     
    #9 Nick, Nov 14, 2011
  10. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,216
    Likes Received:
    10
    Trophy Points:
    313
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    #10 cPanelDavidG, Dec 29, 2011
(You must log in or sign up to post here.)
Loading...
Similar Threads - install mod_ruid2 cpanel
  1. zalocus

    install mod_ruid2 causes warning

    zalocus, Aug 16, 2018, in forum: EasyApache
    Replies:
    1
    Views:
    125
    cPanelMichael
    Aug 16, 2018
  2. Timino

    New Thread SSL Cert available but installation fails

    Timino, Dec 11, 2018 at 8:42 AM, in forum: Security
    Replies:
    1
    Views:
    129
    Timino
    Dec 11, 2018 at 8:54 PM
  3. BrushGay

    New Thread How to Install sysschema?

    BrushGay, Dec 10, 2018 at 10:32 PM, in forum: Database Discussion
    Replies:
    0
    Views:
    58
    BrushGay
    Dec 10, 2018 at 10:32 PM
  4. kamranonline

    curl error on OWASP ModSecurity Core Rule Set V3.0 installation

    kamranonline, Dec 10, 2018 at 5:57 AM, in forum: Security
    Replies:
    1
    Views:
    178
    cPanelLauren
    Dec 12, 2018 at 12:55 PM
  5. Stanislav.Anv

    Clean installation (Apache php only)

    Stanislav.Anv, Dec 7, 2018, in forum: Workarounds and Optimization
    Replies:
    4
    Views:
    110
    cPanelLauren
    Dec 7, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice