The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

suexec AND mod_ruid2 in apache?

Discussion in 'EasyApache' started by Mike St, Feb 10, 2015.

  1. Mike St

    Mike St Member

    Joined:
    Jul 21, 2014
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Here's my problem.

    I ended up creating my own apache module to try to update a file that the default apache user has access to with no success. I keep receiving permission error even tho I asked apache to execute my module before mod_ruid2 decides to switch usernames. But then on my server, I discovered that suexec is also compiled into apache.

    Here are the modules in my server:

    core_module (static)
    authn_file_module (static)
    authn_default_module (static)
    authz_host_module (static)
    authz_groupfile_module (static)
    authz_user_module (static)
    authz_default_module (static)
    auth_basic_module (static)
    include_module (static)
    filter_module (static)
    deflate_module (static)
    log_config_module (static)
    logio_module (static)
    env_module (static)
    expires_module (static)
    headers_module (static)
    setenvif_module (static)
    version_module (static)
    proxy_module (static)
    proxy_connect_module (static)
    proxy_ftp_module (static)
    proxy_http_module (static)
    proxy_scgi_module (static)
    proxy_ajp_module (static)
    proxy_balancer_module (static)
    ssl_module (static)
    mpm_prefork_module (static)
    http_module (static)
    mime_module (static)
    status_module (static)
    autoindex_module (static)
    asis_module (static)
    info_module (static)
    suexec_module (static) ***
    cgi_module (static)
    negotiation_module (static)
    dir_module (static)
    actions_module (static)
    userdir_module (static)
    alias_module (static)
    rewrite_module (static)
    so_module (static)
    bwlimited_module (shared)
    ruid2_module (shared) ***
    php5_module (shared)


    The ones I triple-starred are ones I believe are the only ones on my list that actually switch the username from the apache default to that of the user folder.

    I used easyapache to setup my apache configuration yet there is no option specifically to disable mod_suexec and I want to do that because that functionality is already contained in ruid2_module and I'd rather have speed as opposed to redundant functionality.

    Do I have to modify a configuration file to disable mod_suexec and rerun easyapache?

    and are there any modules mentioned above that change user of the running process?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    You can configure suexec via:

    "WHM Home » Service Configuration » Configure PHP and suEXEC"

    Note that you may simply want to update your script so it does not have to run as the Apache user itself. Please also see:

    Mod_Ruid2 - Documentation

    Thank you.
     
  3. Mike St

    Mike St Member

    Joined:
    Jul 21, 2014
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Following your advice will cause this line to be added to the config:

    LoadModule disable_suexec_module modules/mod_disable_suexec.so

    I'd rather have no suexec related modules added regardless of whether or not they're statically compiled.
    The only user switching module I want to load is mod_ruid2.

    I want it so that when I execute httpd -M, I do not see this module in the list:

    suexec_module
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    I don't believe it's possible to do that without breaking other aspects of cPanel/WHM. Are you worried about CPU utilization when it's disabled this way?

    Thank you.
     
  5. Mike St

    Mike St Member

    Joined:
    Jul 21, 2014
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I just want more speed and less memory usage and fewer crashes on the php-enabled server. With a standard setup, each apache child uses between 20 and 40MB ram which doesn't allow me to serve too many users. I'll be lucky if I can server 150 users simultaneously. I'd like to serve more because the world now consists of people wanting to get everything done all at once.
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    I don't believe the suexec module in it's disabled state causes any additional resource utilization compared to if it wasn't listed in the Apache modules list at all.

    Thank you.
     
Loading...

Share This Page