Skip to main content

Security Implications of Mod_Userdir

Comments

2 comments

  • linux4me2
    AFAIK, the main reasons to use mod_ruid2 are for Symlink Race Condition Protection and to have PHP processes run under the users' accounts without running suPHP. There are some drawbacks to using mod_ruid2 beyond just the inability to use mod_userdir. Until cPanel v.58.0.30, mod_ruid2 interfered with mod_security writing to the audit logs by user. That's supposed to be fixed, but there is still a conflict that prevents any of the mod_security rules that use data persistence--like those preventing brute force login attempts--from writing to the DBM files that breaks important parts of mod_security. That was enough for me to quit using mod_ruid2 and look for alternative symlink race condition protections.
    0
  • cPanelMichael
    Hello, In addition to the previous post, we also document some of the security implications of using Mod_Userdir at: Apache mod_userdir Tweak - Documentation - cPanel Documentation Let us know if you have any additional questions. Thanks!
    0

Please sign in to leave a comment.