SetTitle("mod_sucgid -- high performance CGI daemon"); ?>
Description:Execution of CGI scripts using an external CGI daemon
Status:External
Module Identifier:sucgid_module
Source Files:mod_sucgid.c sucgid_daemon.c
Compatibility:Unix pre-fork and threaded MPMs

Summary 

mod_sucgid is a cross between suExec and mod_cgid. It runs CGI scripts more efficiently via daemon process, but it runs them under correct user id/group id, in similar way to suExec
One major difference is that it uses lve kernel to switch process user id/group id
  1. mod_sucgid is based on Apache mod_cgid
  2. it consists of Apache module that replaces mod_suexec and mod_suPHP and daemon that communicates with module via unix pipes, and executes cgi scripts
  3. it uses RLimit settings from apache config for CPU/Memory/NPROC
  4. the daemon will enter (via ioctl call) lve before executing CGI script, and exit LVE right after execution of the script
  5. setuid/setgid are used to set user/group
  6. mod_suexec is needed for user/group settings to work (alternatively it can work with POA vhost module can be used)

ScriptLog 

The name of the log for scirpt debugging info

ScriptLogLength 

The maximum length (in bytes) of the script debug log

ScriptLogBuffer 

The maximum size (in bytes) to record of a POST request

SuexecUserGroup 

User and group for processes spawned by daemon

ScriptDaemon 

Description:path to the daemon executable
Syntax:ScriptDaemon file-path
Default:ScriptDaemon /usr/local/sbin/daemon_sucgid
Context:server config
Status:External
Module:mod_sucgid

This directive sets absolute path to the location of daemon executable. The daemon will be executed as root, and will drop its permissions to cloudlinux user. cloudlinux user is authorized to use lve features and to switch uid/gid of the running process.

Example:
ScriptDaemon /usr/local/apache/bin/daemon_sucgid

ScriptSock Directive 

Description:The name of the socket to use for commucation with the cgi daemon
Syntax:ScriptSock file-path
Default:ScriptSock logs/sucgi.sock
Context:server config
Status:External
Module:mod_sucgid

This directive sets the name of the socket to use for communication with the SuCGI daemon. The socket will be opened using the permissions of the user who runs Apache (usually apache), and grants permissions for cloudlinux user to read it. Daemon process is executed under cloudlinux permissions. To maintain the security of communications with CGI scripts, it is important that no other user has permission to write in the directory where the socket is located

Example
ScriptSock /var/run/cgid.sock 

ScriptDaemonsCount 

Description:The number of the clid daemons that will be created
Syntax:ScriptDaemonsCount number
Default:ScriptDaemonsCount 8
Context:server config
Status:External
Module:mod_sucgid

The number of the child daemons that accept connections on the socket

Example
ScriptDaemonsCount 4

ScriptTTL 

Description:The number of seconds to wait for the daemon to respond. 0 means don't wait at all. Any number less then 0 means wait forever
Syntax:ScriptTTL number
Default:ScriptTTL 120
Context:server config
Status:External
Module:mod_sucgid

The number of the child daemons that accept connections on the socket

Example
ScriptTTL 20

EnableLVE 

Description:enable/disable LVE support
Syntax:EnableLVE Off
Default:EnableLVE On
Context:server config
Status:External
Module:mod_sucgid

This directive enables/disables use of LVE in mod_sucgid

Example:
EnableLVE Off


LVEIgnoreErrors

Description:Ignores LVE related kernel level errors
Syntax:LVEIgnoreErrors off
Default:on
Context:server config
Status:External
Module:mod_sucgid

Specifies if CGI scripts should be executed even if LVE enter failed (excluding if it failed due to max entry limits)

Example 
<Directory "/home/user1/domain.com/forums">
  LVEIgnoreErrors on
</Directory>

LVEId 

Description:Allows to setup separate LVE id on per directory level. If not set, user id of corresponding user is used
Syntax:LVEId number
Default:User Id is used
Context:directory config
Status:External
Module:mod_sucgid

Specifies LVE id for particular directory

Example
<Directory "/home/user1/domain.com/forums">
  LVEId 10001
</Directory>