The mod_ruid2 is a suexec module for Apache web server which takes advantage of POSIX. The mod_ruid2 will provide an improved performance with greater security for the websites hosted on the server. This means the mod_ruid2 makes the websites load faster and also increase the security of the website. When using this Apache module, the websites hosted on the server should process the PHP under the user ownership rather than Apache user, this will help in troubleshooting various situations. DirectAdmin can be configured to use mod_ruid2 module to have this performance wise and security wise hike. When comparing suPHP and mod_php + mod_ruid2 setup (both setups will run PHP as the user), the below are the advantages of mod_ruid2 setup:
1) Less disk I/O required – mod_php already loaded in Apache, so this can ignore loading php binary and its libraries each time.
2) The settings can be changed for an individual domain name using php.ini file.
3) We can use PHP OpCache along with this setup to have much more performance.
To have this set up you have to confirm first the server is running PHP as Apache module. It is very easy to configure/set up the mod_ruid2 on a DirectAdmin server having custom-build 2.
1) First make sure you are running PHP as Apache module, which means there should have the mod_php module installed along with Apache. By default, this set up has no security, as the processes will have Apache user nobody ownership there. By enabling mod_ruid2 this will change to the user, rather than nobody user. Login to the server via command line and execute below command to make sure you run PHP as mod_php.
# grep php1_mode=mod_php /usr/local/directadmin/custombuild/options.conf -c
It will give “1” as output if it runs mod_php. If it shows 1, then go ahead to the next step.
2) To install mod_ruid2 module, run the below commands one by one on the server. Please ensure there are no errors in each step otherwise it may cause serious issues on the server.
#cd /usr/local/directadmin/custombuild/
#./build update
#./build set mod_ruid2 yes
#./build mod_ruid2
#./build rewrite_confs
If all went fine without any errors, then it’s time to correct the existing files and folders permission on the server.
3) To correct the ownership and permissions, execute the below commands one by one as root user on the server.
# cd /usr/local/directadmin/scripts && ./set_permissions.sh user_homes
# find /home/*/domains/*/public_html -type d -print0 | xargs -0 chmod 755
# find /home/*/domains/*/public_html -type f -print0 | xargs -0 chmod 644
# find /home/*/domains/*/public_html -type f -name ‘*.cgi*’ -exec chmod 755 {} \;
# find /home/*/domains/*/public_html -type f -name ‘*.pl*’ -exec chmod 755 {} \;
# find /home/*/domains/*/public_html -type f -name ‘*.pm*’ -exec chmod 755 {} \;
#cd /usr/local/directadmin/data/users && for i in `ls`; do {chown -R $i:$i /home/$i/domains/*/public_html;}; done;
That’s it, you have installed and configured the mod_ruid2 within Apache to have better performance and security.
Please feel free to get in touch with our support team if you should require assistance in setting up the above.