[atomic] mod_ruid2 0.9.1-1

Atomic repository announcements, new release notifications and other news regarding the atomic yum repository.
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:

Re: [atomic] mod_ruid2 0.9.1-1

Unread post by scott »

The one in question belongs to the libcap-devel package
BruceLee
Forum Regular
Forum Regular
Posts: 879
Joined: Sat Mar 28, 2009 6:58 pm
Location: Germany

Re: [atomic] mod_ruid2 0.9.1-1

Unread post by BruceLee »

Thanks.

Next step is mod_ruid2 + APC.
biggles
Forum Regular
Forum Regular
Posts: 806
Joined: Tue Jul 15, 2008 2:38 pm
Location: Sweden
Contact:

Re: [atomic] mod_ruid2 0.9.1-1

Unread post by biggles »

Brucelee, do you think mod_ruid2 is ready for prime time? Anything special to consider when implementing?
BruceLee
Forum Regular
Forum Regular
Posts: 879
Joined: Sat Mar 28, 2009 6:58 pm
Location: Germany

Re: [atomic] mod_ruid2 0.9.1-1

Unread post by BruceLee »

Well, I think I will use it in production soon. Just had not the time to go further.
But I'm running only one server in production and have a dev server for testing my stuff.
So I'm not sure if my test covers enough to give an advice to go live with it.
What I know is that it is pretty widely used since the first release with previous version called mod_ruid (without 2 ;) ).
Also have read of some hosting companies that are running it from the first release and the claim it is very solid.

So I will go live as soon as I have enough time.
Concerning the implementation just follow my previous posts. That's what I needed to do to get it running.
biggles
Forum Regular
Forum Regular
Posts: 806
Joined: Tue Jul 15, 2008 2:38 pm
Location: Sweden
Contact:

Re: [atomic] mod_ruid2 0.9.1-1

Unread post by biggles »

OK, thanks a bunch! Will try it out on my dev environment as well
biggles
Forum Regular
Forum Regular
Posts: 806
Joined: Tue Jul 15, 2008 2:38 pm
Location: Sweden
Contact:

Re: [atomic] mod_ruid2 0.9.1-1

Unread post by biggles »

OK, installed on the test server. Wordpress just got a whole lot easier to work with! Everything seems to be working ok.

1. Installed mod_ruid2 via yum.

2. Commented out all option in /etc/httpd/conf.d/ruid2.conf

3. Added this to /etc/httpd/conf/httpd.conf

Code: Select all

LoadModule ruid2_module modules/mod_ruid2.so
<IfModule mod_ruid2.c>
  RMode config
  RUidGid apache apache
  RGroups apache psaserv
  RMinUidGid apache apache
</IfModule>
4. Created /var/www/vhosts/domain.tld/conf/vhost.conf
<Directory /var/www/vhosts/domain.tld/httpdocs>
RMode config
RUidGid dinbackup psacln
RGroups psacln
</Directory>
5. Ran /usr/local/psa/admin/sbin/websrvmng

6. Restarted httpd

Then everything was up and running. Wordpress installed without a hickup and uploading plugins works perfectly.

edit: kernel 2.6.32.27-1.art.x86_64
BruceLee
Forum Regular
Forum Regular
Posts: 879
Joined: Sat Mar 28, 2009 6:58 pm
Location: Germany

Re: [atomic] mod_ruid2 0.9.1-1

Unread post by BruceLee »

Great!
As I can see Scott updated the package. So it runs right away. Thanks Scott.
%changelog
* Mon Dec 20 2010 Scott R. Shinn <scott@atomicrocketturtle.com> - 0.9.1-2
- Updated conf to run as apache
- Fixups for eaccelerator & php sessions directories.
biggles
Forum Regular
Forum Regular
Posts: 806
Joined: Tue Jul 15, 2008 2:38 pm
Location: Sweden
Contact:

Re: [atomic] mod_ruid2 0.9.1-1

Unread post by biggles »

There seems to be an updated mod_ruid version, 0.9.2. couldnät find any changelog though. Maybe we will get an updated package...
BruceLee
Forum Regular
Forum Regular
Posts: 879
Joined: Sat Mar 28, 2009 6:58 pm
Location: Germany

Re: [atomic] mod_ruid2 0.9.1-1

Unread post by BruceLee »

oh, yes maybe Scott will add that.
That's what I found about the latest change:
http://mod-ruid.svn.sourceforge.net/vie ... evision=20
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:

Re: [atomic] mod_ruid2 0.9.1-1

Unread post by scott »

The funny part is it was updated a day after I put out -2 :P 0.9.2 should be up shortly
biggles
Forum Regular
Forum Regular
Posts: 806
Joined: Tue Jul 15, 2008 2:38 pm
Location: Sweden
Contact:

Re: [atomic] mod_ruid2 0.9.1-1

Unread post by biggles »

Thanks! Installed fine on my dev system.
ikkk
Forum User
Forum User
Posts: 47
Joined: Wed Jan 05, 2011 3:09 pm

Re: [atomic] mod_ruid2 0.9.1-1

Unread post by ikkk »

Bruce,

Did you manage to get the issue with "ModSecurity: Audit log: Failed to create subdirectories" sorted - testing this on a server with a heavy wordpress install and just get blank pages and this error in the logs.

Ive tried recompiling from source like you did as well - using the latest 0.9.3 version (yeseterday update) but same results.
BruceLee
Forum Regular
Forum Regular
Posts: 879
Joined: Sat Mar 28, 2009 6:58 pm
Location: Germany

Re: [atomic] mod_ruid2 0.9.1-1

Unread post by BruceLee »

how have you configured it?
ikkk
Forum User
Forum User
Posts: 47
Joined: Wed Jan 05, 2011 3:09 pm

Re: [atomic] mod_ruid2 0.9.1-1

Unread post by ikkk »

Bruce - im using this as a test config for this heavy domain

<IfModule mod_ruid2.c>
RMode config
RDefaultUidGid apache apache
RUidGid apache apache
RGroups apache psaserv psacln
RMinUidGid apache apache
</IfModule>

<Directory /var/www/vhosts/DOMAIN/subdomains/test/httpdocs>
RUidGid USERNAME psacln
RGroups apache psacln psaserv
</Directory>


I have tried with various RGroups settings, - are you not getting this issue anymore ?
mind04
New Forum User
New Forum User
Posts: 4
Joined: Tue Jan 04, 2011 6:14 pm

Re: [atomic] mod_ruid2 0.9.1-1

Unread post by mind04 »

ikkk wrote: <IfModule mod_ruid2.c>
RMode config
RDefaultUidGid apache apache
RUidGid apache apache
RGroups apache psaserv psacln
RMinUidGid apache apache
</IfModule>
Setting RMinUidGid to apache is not a good idea. RMinUidGid is in mod_ruid2 to prevent switching to system accounts in stat mode. On most linux systems these accounts u/gid are < 100 so the default is fine in most cases. Change this value only if you know exactly what you are doing...
Post Reply