HOWTO Apache + PHP mod_ruid2 on CentOS on DirectAdmin

https://forum.directadmin.com/showthread.php?t=37467

Since there are a lot of people asking for it, here is my HowTo about mod_ruid2.
This is based on my CentOS server with Apache 2.x.

With this module installed, it is no longer necessary to chmod config files to 666 or upload/attachment directories to 777, since with this module enabled everything served over HTTP runs under the user itself and not ‘apache’ anymore.

** If you are using mod_ruid instead of mod_ruid2, first of all remove the mod_ruid line from ‘/etc/httpd/conf/httpd.conf’

First, we are going to install libcap-devel

yum -y install libcap-devel

After this is done we are going to download and install mod_ruid2

wget -O mod_ruid2-0.9.7.tar.bz2 "http://downloads.sourceforge.net/project/mod-ruid/mod_ruid2/mod_ruid2-0.9.7.tar.bz2?r=&ts=1335638772&use_mirror=kent"
tar xjf mod_ruid2-0.9.7.tar.bz2
cd mod_ruid2-0.9.7
apxs -a -i -l cap -c mod_ruid2.c

Now, if you didn’t get any errors, mod_ruid2 should be installed and added to ‘/etc/httpd/conf/httpd.conf’.
Let's confirm mod_ruid2 is added

grep 'mod_ruid2' /etc/httpd/conf/httpd.conf

If you get a response like the one below, it's installed

LoadModule ruid2_module /usr/lib/apache/mod_ruid2.so

Now we need to modify the DA httpd.conf templates a little bit to enable mod_ruid2 for the users

Now copy the template files to custom

cd /usr/local/directadmin/data/templates/
cp virtual_host2* custom/
chown -R diradmin:diradmin custom/

Now you have copied the original templates to the ‘custom’ directory, so they won’t be overwritten.

Code:
cd /usr/local/directadmin/data/templates/custom/

Now follow the steps below for each virtual_host2 file you’ve copied

nano -w virtual_host2.conf
## replace line: SuexecUserGroup |USER| |GROUP|
## replace with: #SuexecUserGroup |USER| |GROUP|
## Add the lines below under the just replaced line
RMode config
RUidGid |USER| |GROUP|
RGroups apache

Save the files and let's rewrite the HTTPd config files

echo "action=rewrite&value=httpd" >> /usr/local/directadmin/data/task.queue

If you want, you can start the rewrite of the HTTPd config files manually; just paste the line below and wait until it's done

/usr/local/directadmin/dataskq d800

After the rewrite is complete you can restart HTTPd with the command below

/etc/init.d/httpd restart

Now mod_ruid2 should be installed and you don’t need to chmod anymore like ‘chmod 666 config.php’ or ‘chmod 777 uploads’.

To be sure the webmail clients etc. still work, we need to change the owner permissions

chown -R webapps:webapps /var/www/html

Edit by NoBaloney; see posts 324 and 325, page 17 of this thread:
And last you need to modify httpd-directories.conf

Code:
nano -w /etc/httpd/conf/extra/httpd-directories.conf

Add the RUidGid line below between the <Directory "/var/www/html"> and </Directory>

Code:
<Directory "/var/www/html">
    Options -Indexes FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from all
    <IfModule mod_suphp.c>
        suPHP_Engine On
        suPHP_UserGroup webapps webapps
        SetEnv PHP_INI_SCAN_DIR
    </IfModule>
    RUidGid webapps webapps
</Directory>

* Thanks to Arieh for this change.
End edit by NoBaloney

** Questions with Answers **
——————————————————-
Q: How can I test this is working?
A: Easy, install some CMS that you have used before, like WordPress or Joomla, that required (before!!) chmod 666 or 777 to get installed/working.

Q: I have dirs/files owned by apache for some users, must I change this?
A: Yes, you need to set the owner of the dirs/files to the user itself, not apache anymore. Check below.
Thanks to snk for the commands below, which fix the owner permissions of the dirs/files


Code:
# Reset the standard DirectAdmin ownership/permissions on the user home directories
cd /usr/local/directadmin/scripts && ./set_permissions.sh user_homes
# Directories 711, regular files 644
find /home/*/domains/*/public_html -type d -print0 | xargs -0 chmod 711
find /home/*/domains/*/public_html -type f -print0 | xargs -0 chmod 644
# CGI and Perl scripts must stay executable
find /home/*/domains/*/public_html -type f -name '*.cgi*' -exec chmod 755 {} \;
find /home/*/domains/*/public_html -type f -name '*.pl*' -exec chmod 755 {} \;
find /home/*/domains/*/public_html -type f -name '*.pm*' -exec chmod 755 {} \;
# Give each user's public_html back to that user (one entry per DA user in data/users)
cd /usr/local/directadmin/data/users && for i in *; do chown -R "$i:$i" /home/"$i"/domains/*/public_html; done

* Added ‘&&’ so if they do a typo, it won’t change anything.
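
A check for the template edit described in the steps above, added here as an example and not part of the original thread. The function names are hypothetical; the directory and the directive lines are the ones given in the post.

```shell
#!/bin/sh
# Added example: verify that the copied DirectAdmin virtual_host2 templates
# carry the mod_ruid2 edit before the httpd rewrite is queued.
# check_ruid2_template / check_all_templates are hypothetical helper names.

check_ruid2_template() {
    tpl=$1
    rc=0
    # An active (uncommented) SuexecUserGroup line means the edit was missed.
    if grep -Eq '^[[:space:]]*SuexecUserGroup[[:space:]]' "$tpl"; then
        echo "$tpl: SuexecUserGroup is still active"
        rc=1
    fi
    # Each mod_ruid2 directive must be present on its own, uncommented line.
    for directive in 'RMode[[:space:]]+config' \
                     'RUidGid[[:space:]]+[|]USER[|][[:space:]]+[|]GROUP[|]' \
                     'RGroups[[:space:]]+apache'; do
        if ! grep -Eq "^[[:space:]]*${directive}[[:space:]]*\$" "$tpl"; then
            echo "$tpl: no active line matching: $directive"
            rc=1
        fi
    done
    return $rc
}

check_all_templates() {
    # Default is the custom template directory used in the post.
    dir=${1:-/usr/local/directadmin/data/templates/custom}
    status=0
    for tpl in "$dir"/virtual_host2*; do
        [ -f "$tpl" ] || continue
        check_ruid2_template "$tpl" || status=1
    done
    return $status
}
```

Run `check_all_templates` after editing; a non-zero exit status means at least one template would still generate vhosts without the mod_ruid2 directives.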

 

For those who use Debian:

Code:
aptitude install libcap2-dev

Q: I have dirs/files owned by apache for some users, must I change this?
A: Yes, you need to set the owner of the dirs/files to the user itself, not apache anymore.

If you allow, I will add this part to your how-to:

Code:
cd /usr/local/directadmin/scripts ; ./set_permissions.sh user_homes
find /home/*/domains/*/public_html -type d -print0 | xargs -0 chmod 711
find /home/*/domains/*/public_html -type f -print0 | xargs -0 chmod 644
cd /usr/local/directadmin/data/users
for i in `ls`; do { chown -R $i:$i /home/$i/domains/*/public_html;}; done;

It will reset the owner of the directories/files to the users.
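
An audit for leftovers of the old chmod 666/777 and apache-ownership workarounds discussed in this thread, added here as an example and not part of the original posts. The function names are hypothetical; the `/home/*/domains/*/public_html` layout and the `apache` account are taken from the commands above.

```shell
#!/bin/sh
# Added example (not from the thread). audit_docroot and audit_all_docroots
# are hypothetical helper names; "apache" as the old owner is from the posts.

audit_docroot() {
    root=$1                     # one public_html directory
    legacy_user=${2:-apache}    # account that used to own web-written files
    # Leftovers of the old "chmod 666" / "chmod 777" workaround. Symlinks are
    # skipped because their own mode bits carry no meaning.
    find "$root" ! -type l -perm -0002 -exec printf 'world-writable %s\n' {} +
    # Entries still owned by the shared web-server account. find aborts on an
    # unknown user name, so only search when the account exists.
    if id "$legacy_user" >/dev/null 2>&1; then
        find "$root" -user "$legacy_user" -exec printf 'owned-by-legacy %s\n' {} +
    fi
}

audit_all_docroots() {
    # Same glob as the find/chown commands in the thread.
    for root in /home/*/domains/*/public_html; do
        [ -d "$root" ] || continue
        audit_docroot "$root" "${1:-apache}"
    done
}
```

Empty output from `audit_all_docroots` means no world-writable entries and nothing owned by the shared account remain under the users' web roots.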