Symlink Protection Options

durangod

• July 24, 2014 12:18

thanks michael, Unfortunately the problem is that the first option of jailing does not work for me because that option is subdued and not even active on my panel, i can see the option but there is no way for me to get it off the default value of disabled because it is subdued and will not allow me to change it. Unfortunately i did not see

• 

  cPanelMichael

  • July 24, 2014 18:13

  Hello :) I moved this post into it's own thread because it's not related to SSH authentication (the topic of the thread you posted this reply to). You have to enable Mod_Ruid2 via EasyApache before the "EXPERIMENTAL: Jail Apache Virtual Hosts using mod_ruid2 and cPanel" jailshell." option becomes available in "Tweak Settings". Thank you.

  0
• 

  Shavaun

  • July 24, 2014 19:12

  Just as a note, if you install Mod Ruid2 and the tweak settings option that Michael mentioned, make sure that you do not select suPHP as your PHP handler. After your EasyApache build completes, the window for setting your PHP handler will pop up and allow you to change it if it was previously set to suPHP. If it is already set to something else, then you don't need to change anything. You can also change this option in WHM, via the "Configure PHP and suEXEC" interface. Also, please keep in mind that we are no longer updating the documentation at docs.cpanel.net. To view our current documentation, make sure to go to documentation.cpanel.net. For example, here is the current documentation for the symlink protection:

  0
• 

  durangod

  • July 25, 2014 00:47

  @shavaun thanks for the extra tip, thats important to mention, thats nice of you. [QUOTE]You have to enable Mod_Ruid2 via EasyApache before the "EXPERIMENTAL: Jail Apache Virtual Hosts using mod_ruid2 and cPanel" jailshell." option becomes available in "Tweak Settings".
  So what your saying is that i dont have to start from scratch with apache, i can just select the apache configuration option again from whm menu and then select the mod_ruid2 mod from there? here is my config

  0
• 

  durangod

  • July 25, 2014 01:15

  ok finally i found some text wheeewww lol
  

  0
• 

  durangod

  • July 25, 2014 02:47

  here is what the doc says [QUOTE] MPM ITK mpm-itk If you select both the Mod Ruid2 option and the MPM ITK option in EasyApache, Easyapache will deselect the Mod Ruid2 option.
  ok so my bad ok, i read that as select... not deselect.. I still think however on the MPM itk config there needs to be a note that says this will not work with mod ruid2. UPDATE: I think i may have finally gotten it this time. After you rebuild apache following the guide above then you need to select dso option from the Configure PHP and suEXEC if you did not already, then check the easy apache to see if your option to choose the profile with the ruid2 is available, it should be. Then choose that profile and then go thru the process again each step and make sure you verify at every page if it shows anywhere about the ruid2 that you select that. Then rebuild and i think that will do it. Then your option under tweaks will finally be available to select. There is also a selection under service manager that i stumbled upon for ruid2 so check that as well. Whole lot of doing stuff for one change ill tell ya. Its like stuff is scattered all over the place, i think there should be one switch. Do you want ruid2, yes or no.. And thats it, everything else is done lol

  0
• 

  durangod

  • July 25, 2014 03:42

  [QUOTE] Apache Symlink Protection: the Bluehost provided Apache patch is in effect It appears that the Bluehost provided Apache patch is being used to provide symlink protection. This is less than optimal. Please review Symlink Race Condition Protection.
  nothing i read for the ruid2 tonight said anything about bluehost. oh it came from this... To apply the patch, select Symlink Race Condition Protection from the Exhaustive Options List stage of the EasyApache interface. son of a gun folks, bouncing here and there all over the freaken place.. uggggggggg rebuild one more time and not choose that. [COLOR="silver">- - - Updated - - - does Apache suEXEC need to be on or off with ruid2? all that option says is this [QUOTE] [] Symlink Race Condition Protection
  there is no link to more info and no doc attache to it, thats why i chose it. Does not say anything about blue host option. I guess what i should have done is taken a month or so before doing this and read then entire cpanel doc first cover to cover.. Who really has time for that ya now.. I doubt if anyone other than the devs and maybe a few top support techs have even done so...

  0
• 

  durangod

  • July 25, 2014 04:23

  [url=http://en.wikipedia.org/wiki/SuEXEC]suEXEC - Wikipedia, the free encyclopedia ok off then.. :) scratch that lol.... yes then because if its no then youll get a flag on security advisor lmao... i feel like a rubber ball bouncing endlessly down the tunnel to nowhere lmao :) [COLOR="silver">- - - Updated - - - yes thank goodness, finally i can call that one done... lets have a party lol... ill invite myself... :)

  0
• 

  cPanelMichael

  • July 25, 2014 14:13

  Hello :) I am happy to see you were able to address the issue. I just want to clarify, the forum thread you referenced does not mean you have to enable "ALL" of those solutions. It's giving you options. Thus, if you were to choose mod_ruid + jailshell, then the BluePatch is not necessary at all. Thank you.

  0

Please sign in to leave a comment.