How to install mod_ruid2 on a cPanel server?

ikillbill

Hi

I have found that mod_ruid2 seems to be our best solution to have both performance + security at the same time. Could anyone share how to install it on cPanel without issues?

In the future, when we recompile Apache from EasyApache, shall we also install mod_ruid2 manually again?

thanks!
 

cPanelTristan

Quality Assurance Analyst
Staff member
This module is installed like any other Apache module that can be dynamically installed, such as how I've explained in two recent threads for other Apache modules:

http://forums.cpanel.net/f5/mod_auth_external-227902.html
http://forums.cpanel.net/f185/how-set-mod_sed-cpanel-227452.html

The only difference for this module is that libcap-devel is required and has to be installed via yum first if you don't already have it:

Code:
yum -y install libcap-devel
The rest is just like those other threads but using the requisite module name and location:

Code:
cd /root
wget http://downloads.sourceforge.net/project/mod-ruid/mod_ruid2/mod_ruid2-0.9.4.tar.bz2
tar xvfj mod_ruid2-0.9.4.tar.bz2
cd mod_ruid2-0.9.4
apxs -a -i -l cap -c mod_ruid2.c
After doing the above, it will then put a "LoadModule" line into the /usr/local/apache/conf/httpd.conf file:

Code:
LoadModule ruid2_module modules/mod_ruid2.so
The module can cause conflicts during EasyApache build, so I would suggest moving it and distilling the include. First, remove the "LoadModule" line mentioned above from /usr/local/apache/conf/httpd.conf, then run these commands:

Code:
echo "LoadModule ruid2_module modules/mod_ruid2.so" >> /usr/local/apache/conf/includes/pre_main_global.conf
cp /usr/local/apache/conf/httpd.conf /usr/local/apache/conf/httpd.conf.bak110826
/usr/local/cpanel/bin/apache_conf_distiller --update
/scripts/rebuildhttpdconf
/etc/init.d/httpd restart
Now, copy the mod_ruid2.so file to /root to save a copy of it, since future /scripts/easyapache recompiles will move the file out of /usr/local/apache/modules folder:

Code:
cp /usr/local/apache/modules/mod_ruid2.so /root
Now, before you run /scripts/easyapache in the future, create these files:

Code:
vi /scripts/preeasyapache
Place the following content into the file:

Code:
#!/bin/bash

# Anchor on the start of the line so a repeated run does not stack "#" characters
sed -i 's/^LoadModule ruid2_module/#LoadModule ruid2_module/' /usr/local/apache/conf/includes/pre_main_global.conf
Next, create this file:

Code:
vi /scripts/posteasyapache
Place the following content into the file:

Code:
#!/bin/bash

cp /root/mod_ruid2.so /usr/local/apache/modules/
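# Strip every leading "#" so the line is re-enabled even if the pre-build script ran more than once
sed -i 's/^#*LoadModule ruid2_module/LoadModule ruid2_module/' /usr/local/apache/conf/includes/pre_main_global.conf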
/etc/init.d/httpd restart
The first script comments out the LoadModule in /usr/local/apache/conf/includes/pre_main_global.conf at the beginning of the Apache build. The second script copies mod_ruid2.so back into /usr/local/apache/modules folder, uncomments the LoadModule, and restarts Apache at the end of the build.

After saving these files, ensure they can execute:

Code:
chmod +x /scripts/preeasyapache
chmod +x /scripts/posteasyapache
For this question:

"In the future, when we recompile Apache from EasyApache, shall we also install mod_ruid2 manually again?"

If you use the steps I've indicated above, you won't have to manually recompile mod_ruid2 again.
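
A check to run once the post-build hook has finished, as an added example that is not part of the original post: if mod_ruid2.so was not copied back or the LoadModule line stayed commented, Apache still starts and every `<IfModule mod_ruid2.c>` block is silently skipped. The function name `check_ruid2_state` is hypothetical; the default paths are the ones used in the post above.

```shell
#!/bin/bash
# Added example, not from the thread. check_ruid2_state is a hypothetical helper;
# the default paths are the ones used in the post above.
check_ruid2_state() {
    local conf="${1:-/usr/local/apache/conf/includes/pre_main_global.conf}"
    local installed="${2:-/usr/local/apache/modules/mod_ruid2.so}"
    local saved="${3:-/root/mod_ruid2.so}"
    local active commented

    # The installed module must exist and be byte-identical to the saved copy.
    if [ ! -s "$installed" ] || ! cmp -s "$installed" "$saved"; then
        echo "FAIL: $installed is missing or differs from $saved" >&2
        return 1
    fi

    # Apache loads the module as root, so neither copy may be group- or world-writable.
    if [ -n "$(find "$installed" "$saved" \( -perm -020 -o -perm -002 \))" ]; then
        echo "FAIL: a module file is group- or world-writable" >&2
        return 2
    fi

    # Expect exactly one active LoadModule line and no commented leftovers;
    # a remaining "#LoadModule" means the post-build hook did not finish.
    if [ ! -r "$conf" ]; then
        echo "FAIL: cannot read $conf" >&2
        return 3
    fi
    active=$(grep -Ec '^[[:space:]]*LoadModule[[:space:]]+ruid2_module' "$conf" || true)
    commented=$(grep -Ec '^[[:space:]]*#+[[:space:]]*LoadModule[[:space:]]+ruid2_module' "$conf" || true)
    if [ "$active" -ne 1 ] || [ "$commented" -ne 0 ]; then
        echo "FAIL: $active active, $commented commented LoadModule lines in $conf" >&2
        return 3
    fi

    echo "OK: mod_ruid2 is installed and enabled"
}
```

On a live server, call it at the end of /scripts/posteasyapache and treat a non-zero exit status as a failed build.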
 

cPanelTristan

Quality Assurance Analyst
Staff member
Hello ikillbill,

Are you asking if you need to do it or how to do it? If you want to add directives for the module, you'd have to either put includes for each account or edit the template to include them. As such, yes, you would have to add entries for it to work to use those directives. If you want to know how to do it specifically, please indicate if you want it to be part of the default template or per individual user as includes instead, since the instructions will differ.

Thanks!
 

ikillbill

hello,

rephrasing..

1. After installing this mod, we want "all" accounts to have that mod "enabled" automatically when we create cPanel accounts from WHM, so do we "have to" do those templates?

2. On that DA link, it says
"To be sure the webmail clients etc still works we need to change the owner permissions"

Do we need to do a similar thing for cPanel's webmail to work as usual?

thanks again indeed
 

Nick

Thanks for your article.
Just a small comment:
don't forget to change ruid2.conf before you run apxs.
Change the last few lines to:

Code:
<IfModule mod_ruid2.c>
RMode config
RDefaultUidGid nobody nobody
RUidGid nobody nobody
RGroups nobody
</IfModule>
Otherwise your redirections domain.com/whm and domain.com/cpanel won't work because of the user mismatch.
 

Nick

I meant /usr/local/apache/conf/includes/pre_main_global.conf.
It should be like:

Code:
LoadModule ruid2_module modules/mod_ruid2.so
<IfModule mod_ruid2.c>
RMode config
RDefaultUidGid nobody nobody
RUidGid nobody nobody
RGroups nobody
</IfModule>
 

Nick

Also create the vhost templates vhost.local and ssl_vhost.local.

To create custom template files that affect all virtual hosts:

1. Create a copy of one or more of the following files:
   - Apache 1 without SSL: /var/cpanel/templates/apache1/vhost.default
   - Apache 2 without SSL: /var/cpanel/templates/apache2/vhost.default
   - Apache 1 with SSL: /var/cpanel/templates/apache1/ssl_vhost.default
   - Apache 2 with SSL: /var/cpanel/templates/apache2/ssl_vhost.default
2. Rename the copied file to one of the following:
   - vhost.local: use this if you copied vhost.default.
   - ssl_vhost.local: use this if you copied ssl_vhost.default.
3. Edit the *.local files to make the changes you would like to your virtual host configuration.

I have added the necessary strings after the Suexec configuration:

Code:
<IfModule !mod_disable_suexec.c>
SuexecUserGroup [% vhost.user %] [% vhost.group %]
</IfModule>
<IfModule mod_ruid2.c>
RMode config
RUidGid [% vhost.user %] [% vhost.group %]
RGroups nobody
</IfModule>
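
A way to confirm the template change took effect after /scripts/rebuildhttpdconf, as an added example that is not part of the thread: it lists every virtual host in the generated configuration that has no RUidGid of its own, or one set to root or nobody. The names `audit_ruid2_vhosts` and `sample_httpd_conf` are hypothetical, the sample configuration is constructed, and the default path is the httpd.conf location used earlier in the thread.

```shell
#!/bin/bash
# Added example, not from the thread. Both function names are hypothetical.

# Constructed sample of a generated httpd.conf (documentation addresses and names).
sample_httpd_conf() {
    cat <<'EOF'
<VirtualHost 192.0.2.10:80>
    ServerName a.example
    <IfModule mod_ruid2.c>
        RMode config
        RUidGid alice alice
        RGroups nobody
    </IfModule>
</VirtualHost>
<VirtualHost 192.0.2.10:80>
    ServerName b.example
</VirtualHost>
<VirtualHost 192.0.2.10:80>
    ServerName c.example
    <IfModule mod_ruid2.c>
        RUidGid nobody nobody
    </IfModule>
</VirtualHost>
EOF
}

# Print one line per virtual host that is not mapped to its own account.
# Pass a file path, or "-" to read the configuration from standard input.
audit_ruid2_vhosts() {
    awk '
        BEGIN { bad = 0 }
        # Apache directive names are case-insensitive, so match on a lower-cased copy.
        { line = $0; sub(/^[ \t]+/, "", line); low = tolower(line) }
        low ~ /^<virtualhost[ \t>]/ { invh = 1; name = "(no ServerName)"; user = ""; next }
        invh && low ~ /^servername[ \t]/ { split(line, f, /[ \t]+/); name = f[2]; next }
        invh && low ~ /^ruidgid[ \t]/ { split(line, f, /[ \t]+/); user = f[2]; next }
        invh && low ~ /^<\/virtualhost>/ {
            if (user == "") { print name ": no RUidGid"; bad = 1 }
            else if (user == "root" || user == "nobody" || user == "#0") {
                print name ": RUidGid " user; bad = 1
            }
            invh = 0
        }
        END { exit bad }
    ' "${1:-/usr/local/apache/conf/httpd.conf}"
}
```

Running `sample_httpd_conf | audit_ruid2_vhosts -` reports b.example and c.example and exits with status 1; a configuration with no findings prints nothing and exits 0.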