mod_ruid2 vs mod_suexec

Question

What's the difference between mod_ruid2 and mod_suexec, and which one should I use?

Answer

The Difference

mod_suexec is a module made available by Apache to streamline requests to be processed on a user-level basis. This workflow is vital from a security standpoint as it prevents Apache from directly executing scripts which would potentially cause damage if a malicious script made its way to the server, granting that script access to other user site data (if the script was executed as Apache).

mod_ruid2 is also an Apache suexec module that exhibits the advantages of having mod_suexec. With the added security mod_suexec provides, mod_ruid2, in addition, aims to improve overall performance by making use of POSIX.1e capabilities.

Which one should I use?

By default, a fresh cPanel install should come shipped with mod_ruid2 enabled within the default profile. Usage primarily depends on server necessity, how much resources are you willing to dedicate to Apache, and compatibility with other modules. Common incompatibility with mod_ruid2 would include ModSecurity, you can learn more about this by reading How to fix Failed to access DBM file.

Resources

• mod_ruid2 | mind04's GitHub (upstream)
• mod_suexec (Apache Documentation)