Cha0s

Member
Mar 9, 2006
17
0
151
Amsterdam
Hello,

I enabled mod_ruid2 on a server with quite a few accounts in order to use php as a DSO module instead of suPHP.

I've enabled mod_ruid2 on other cPanel servers as well without any glitch.


On this particular server though I can see that the httpd.conf is not recreated properly so no suid is performed on any vhost.
This causes PHP to throw permission errors since it's run as user 'nobody' instead of the user of each account.

I've tried to recompile apache/php using Easyapache many times and a full/forced cPanel update, but to no avail.

Comparing httpd.conf with another cPanel server on which mod_ruid2 works properly, I see the following differences:

Here is a snippet from a working vhost with mod_ruid2 on another server:

Code:
<VirtualHost *.*.*.*:80>
    ServerName domain.com
    ServerAlias www.domain.com
    DocumentRoot /home/domain/public_html
    ServerAdmin [email protected]
    UseCanonicalName Off
    CustomLog /usr/local/apache/domlogs/domain.com combined
    CustomLog /usr/local/apache/domlogs/domain.com-bytes_log "%{%s}t %I .\n%{%s}t %O ."
    ## User domain # Needed for Cpanel::ApacheConf
    <IfModule mod_suphp.c>
        suPHP_UserGroup domain domain
    </IfModule>
    <IfModule concurrent_php.c>
        php4_admin_value open_basedir "/home/domain:/usr/lib/php:/usr/php4/lib/php:/usr/local/lib/php:/usr/local/php4/lib/php:/tmp"
        php5_admin_value open_basedir "/home/domain:/usr/lib/php:/usr/local/lib/php:/tmp"
    </IfModule>
    <IfModule !concurrent_php.c>
        <IfModule mod_php4.c>
            php_admin_value open_basedir "/home/domain:/usr/lib/php:/usr/php4/lib/php:/usr/local/lib/php:/usr/local/php4/lib/php:/tm$
        </IfModule>
        <IfModule mod_php5.c>
            php_admin_value open_basedir "/home/domain:/usr/lib/php:/usr/local/lib/php:/tmp"
        </IfModule>
        <IfModule sapi_apache2.c>
            php_admin_value open_basedir "/home/domain:/usr/lib/php:/usr/php4/lib/php:/usr/local/lib/php:/usr/local/php4/lib/php:/tm$
        </IfModule>
    </IfModule>
    <IfModule !mod_disable_suexec.c>
        <IfModule !mod_ruid2.c>
            SuexecUserGroup domain domain
        </IfModule>
    </IfModule>
    <IfModule mod_ruid2.c>
        RUidGid domain domain
    </IfModule>


    # To customize this VirtualHost use an include file at the following location
    # Include "/usr/local/apache/conf/userdata/std/2/domain/domain.com/*.conf"

</VirtualHost>

While on the non-working server the vhosts are in the following format:

Code:
<VirtualHost *.*.*.*:80>
    ServerName domain.com
    ServerAlias www.domain.com
    DocumentRoot /home/domain/public_html
    ServerAdmin [email protected]
    UseCanonicalName Off
    CustomLog /usr/local/apache/domlogs/domain.com combined
    CustomLog /usr/local/apache/domlogs/domain.com-bytes_log "%{%s}t %I .\n%{%s}t %O ."
    ## User domain # Needed for Cpanel::ApacheConf
    <IfModule mod_suphp.c>
        suPHP_UserGroup domain domain
    </IfModule>
    <IfModule concurrent_php.c>
        php4_admin_value open_basedir "/home/domain/public_html:/usr/lib/php:/usr/php4/lib/php:/usr/local/lib/php:/usr/local/php4/l$
        php5_admin_value open_basedir "/home/domain/public_html:/usr/lib/php:/usr/local/lib/php:/tmp"
    </IfModule>
    <IfModule !concurrent_php.c>
        <IfModule mod_php4.c>
            php_admin_value open_basedir "/home/domain/public_html:/usr/lib/php:/usr/php4/lib/php:/usr/local/lib/php:/usr/local/php$
        </IfModule>
        <IfModule mod_php5.c>
            php_admin_value open_basedir "/home/domain/public_html:/usr/lib/php:/usr/local/lib/php:/tmp"
        </IfModule>
        <IfModule sapi_apache2.c>
            php_admin_value open_basedir "/home/domain/public_html:/usr/lib/php:/usr/php4/lib/php:/usr/local/lib/php:/usr/local/php$
        </IfModule>
    </IfModule>
    <IfModule !mod_disable_suexec.c>
        SuexecUserGroup domain domain
    </IfModule>
    ScriptAlias /cgi-bin/ /home/domain/public_html/cgi-bin/
    
    
    # To customize this VirtualHost use an include file at the following location
    # Include "/usr/local/apache/conf/userdata/std/2/domain/domain.com/*.conf"
        
</VirtualHost>

For some reason the following directive:

Code:
    <IfModule mod_ruid2.c>
        RUidGid domain domain
    </IfModule>
Is not included in httpd.conf making all vhosts run as user nobody instead of each account's uid/gid.


My PHP & suEXEC configuration is as follows:

Code:
Default PHP Version (.php files) 	5
PHP 5 Handler 	dso
PHP 4 Handler 	none
 	 
Apache suEXEC 	on
Apache Ruid2 	on

How can I fix httpd.conf (without manually editing it) to include the mod_ruid2 directive so all vhosts run as the proper user/group?


Thanks.
 

abturnbull

Registered
Oct 10, 2011
3
0
51
cPanel Access Level
Root Administrator
Hi

I too have seen the exact same issue; on some servers it works fine, but on the others it does exactly what you describe above.

Did you raise a ticket with cPanel?

Thanks
 

abturnbull

Registered
Oct 10, 2011
3
0
51
cPanel Access Level
Root Administrator
My issue turned out to be

the existence of .local files here

ls -ltr /var/cpanel/templates/apache2/*vhost*local

Thanks
 

Cha0s

Member
Mar 9, 2006
17
0
151
Amsterdam
Hello,

Yes, that was the reply I got from cPanel :)

The problem is that you have a custom vhost.local template in your /var/cpanel/templates/apache2 folder. This template has the ruid entries removed. You will want to either remove the vhost.local file or edit it to put back the ruid entries.

Then run the script /scripts/rebuildhttpdconf and restart apache and you should get the results you are looking for.
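
An audit for the condition this thread describes, added here as an example and not taken from any of the posts or from cPanel: it lists vhosts in a generated config that have no active `RUidGid` line (and so run PHP as 'nobody'), and any `*vhost*local` template with no "ruid" entry. The function names, the sample config and the httpd.conf path in the usage comment are assumptions; the template directory is the one named in the thread.

```shell
#!/bin/sh
# Added example: audit an Apache config for vhosts with no RUidGid directive.

# Print the ServerName of every <VirtualHost> block lacking an active RUidGid line.
# Commented-out directives are ignored because the match is anchored to line start.
vhosts_missing_ruid() {
    awk '
        /^[ \t]*<VirtualHost[ \t>]/ { in_vh = 1; name = "(no ServerName)"; ruid = 0; next }
        in_vh && /^[ \t]*ServerName[ \t]/ { name = $2 }
        in_vh && /^[ \t]*RUidGid[ \t]/    { ruid = 1 }
        /^[ \t]*<\/VirtualHost>/ { if (in_vh && !ruid) print name; in_vh = 0 }
    ' "$1"
}

# Print each *vhost*local template in a directory that contains no "ruid" entry.
local_templates_without_ruid() {
    for t in "$1"/*vhost*local; do
        [ -f "$t" ] || continue
        grep -qi 'ruid' "$t" || printf '%s\n' "$t"
    done
}

# Constructed sample config: one vhost with the stanza, one without.
write_sample_conf() {
    cat > "$1" <<'EOF'
<VirtualHost 192.0.2.10:80>
    ServerName good.example
    ## User good # Needed for Cpanel::ApacheConf
    <IfModule mod_ruid2.c>
        RUidGid good good
    </IfModule>
</VirtualHost>
<VirtualHost 192.0.2.10:80>
    ServerName bad.example
    # RUidGid bad bad
    <IfModule !mod_disable_suexec.c>
        SuexecUserGroup bad bad
    </IfModule>
</VirtualHost>
EOF
}

# Usage on a server (httpd.conf path is an assumption; template dir is from the thread):
#   vhosts_missing_ruid /usr/local/apache/conf/httpd.conf
#   local_templates_without_ruid /var/cpanel/templates/apache2
if [ -n "${1:-}" ]; then vhosts_missing_ruid "$1"; fi
```

Running the first check again after /scripts/rebuildhttpdconf confirms that the rebuilt config carries the directive for every account.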