mod_sucgid -- high performance CGI daemon
| Description: | Execution of CGI scripts using an external CGI daemon |
| Status: | External |
| Module Identifier: | sucgid_module |
| Source Files: | mod_sucgid.c sucgid_daemon.c |
| Compatibility: | Unix pre-fork and threaded MPMs |
Summary
mod_sucgid is a cross between suExec and mod_cgid. It runs CGI scripts more efficiently via a daemon process, but runs them under the correct user id/group id, in a similar way to suExec. One major difference is that it uses the LVE kernel to switch the process user id/group id.
- mod_sucgid is based on Apache mod_cgid
- it consists of an Apache module that replaces mod_suexec and mod_suPHP, and a daemon that communicates with the module via unix pipes and executes CGI scripts
- it uses RLimit settings from the Apache config for CPU/Memory/NPROC
- the daemon enters LVE (via an ioctl call) before executing a CGI script, and exits LVE right after the script has executed
- setuid/setgid are used to set user/group
- mod_suexec is needed for user/group settings to work (alternatively, the POA vhost module can be used)
ScriptLog
The name of the log for script debugging info
ScriptLogLength
The maximum length (in bytes) of the script debug log
ScriptLogBuffer
The maximum size (in bytes) of a POST request to record
SuexecUserGroup
User and group for processes spawned by daemon
ScriptDaemon
| Description: | path to the daemon executable |
| Syntax: | ScriptDaemon file-path |
| Default: | ScriptDaemon /usr/local/sbin/daemon_sucgid |
| Context: | server config |
| Status: | External |
| Module: | mod_sucgid |
This directive sets the absolute path to the daemon executable. The daemon is executed as root and drops its permissions to the cloudlinux user. The cloudlinux user is authorized to use LVE features and to switch the uid/gid of the running process.
Example:
ScriptDaemon /usr/local/apache/bin/daemon_sucgid
ScriptSock Directive
| Description: | The name of the socket to use for communication with the CGI daemon |
| Syntax: | ScriptSock file-path |
| Default: | ScriptSock logs/sucgi.sock |
| Context: | server config |
| Status: | External |
| Module: | mod_sucgid |
This directive sets the name of the socket to use for communication with the SuCGI daemon. The socket is opened using the permissions of the user who runs Apache (usually apache), and the cloudlinux user is granted permission to read it. The daemon process runs with cloudlinux permissions. To maintain the security of communications with CGI scripts, it is important that no other user has permission to write in the directory where the socket is located.
Example:
ScriptSock /var/run/cgid.sock
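The directory requirement above can be checked with a short audit script. This is an added example, not part of mod_sucgid; the function names, the set of allowed owner uids and the treatment of parent directories are assumptions made for illustration.

```python
import os
import stat

def check_dir(path, mode, uid, allowed_uids, is_socket_dir):
    """Return a list of findings for one directory on the path to the socket."""
    findings = []
    writable_by_others = mode & (stat.S_IWGRP | stat.S_IWOTH)
    if is_socket_dir:
        # The directory holding the socket: nobody but its owner may write.
        if writable_by_others:
            findings.append(f"{path}: group/other write bits set ({stat.filemode(mode)})")
        if uid not in allowed_uids:
            findings.append(f"{path}: owned by uid {uid}, expected one of {sorted(allowed_uids)}")
    elif writable_by_others and not mode & stat.S_ISVTX:
        # An ancestor writable without the sticky bit lets other users
        # rename or replace the socket directory itself.
        findings.append(f"{path}: ancestor writable by group/other without sticky bit")
    return findings

def audit_socket_path(sock_path, allowed_uids):
    """Audit the directory of sock_path and every ancestor up to /."""
    current = os.path.dirname(os.path.realpath(sock_path))
    findings, is_socket_dir = [], True
    while True:
        st = os.stat(current)
        findings += check_dir(current, st.st_mode, st.st_uid, allowed_uids, is_socket_dir)
        parent = os.path.dirname(current)
        if parent == current:
            return findings
        current, is_socket_dir = parent, False

if __name__ == "__main__":
    import sys
    # Assumption: root (0) and the invoking user stand in for the Apache user.
    sock = sys.argv[1] if len(sys.argv) > 1 else "/var/run/cgid.sock"
    for line in audit_socket_path(sock, {0, os.geteuid()}):
        print("FINDING", line)
```

Pass the fully resolved ScriptSock path as the first argument; an empty result means no directory on the path is writable by another user.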
ScriptDaemonsCount
| Description: | The number of the child daemons that will be created |
| Syntax: | ScriptDaemonsCount number |
| Default: | ScriptDaemonsCount 8 |
| Context: | server config |
| Status: | External |
| Module: | mod_sucgid |
The number of the child daemons that accept connections on the socket
Example:
ScriptDaemonsCount 4
ScriptTTL
| Description: | The number of seconds to wait for the daemon to respond. 0 means don't wait at all. Any number less than 0 means wait forever |
| Syntax: | ScriptTTL number |
| Default: | ScriptTTL 120 |
| Context: | server config |
| Status: | External |
| Module: | mod_sucgid |
The number of seconds to wait for the daemon to respond
Example:
ScriptTTL 20
EnableLVE
| Description: | enable/disable LVE support |
| Syntax: | EnableLVE Off |
| Default: | EnableLVE On |
| Context: | server config |
| Status: | External |
| Module: | mod_sucgid |
This directive enables/disables use of LVE in mod_sucgid
Example:
EnableLVE Off
LVEIgnoreErrors
| Description: | Ignores LVE related kernel level errors |
| Syntax: | LVEIgnoreErrors off |
| Default: | on |
| Context: | server config |
| Status: | External |
| Module: | mod_sucgid |
Specifies whether CGI scripts should be executed even if entering LVE failed (except when it failed due to max entry limits)
Example:
<Directory "/home/user1/domain.com/forums">
    LVEIgnoreErrors on
</Directory>
LVEId
| Description: | Allows setting a separate LVE id at the per-directory level. If not set, the user id of the corresponding user is used |
| Syntax: | LVEId number |
| Default: | User Id is used |
| Context: | directory config |
| Status: | External |
| Module: | mod_sucgid |
Specifies the LVE id for a particular directory
Example:
<Directory "/home/user1/domain.com/forums">
    LVEId 10001
</Directory>