Hi there, I'm running mod_ruid 0.9.7 on Apache 2.2 with ModSecurity 2.7.3 and the GotRoot/Atomicorp delayed ruleset, all on cPanel 11.38. I am unable to get ModSecurity to successfully log its activities since mod_ruid is causing audit directories and logs to be created with the username of the running process, and more importantly with permissions for that user only, overriding a specific setting in the ModSecurity conf to create audit folders and logs world-writable.
I have documented my setup here: https://www.atomicorp.com/forum/viewtopic.php?f=15&t=6932&sid=23c91691756075ec7fc5cfe86a6630d1
Is there any way that mod_ruid can be configured or patched such that it can work with ModSecurity?
This is not a mod_ruid2 problem. Mod_ruid2 is only doing its job...
The problem is that mod_security creates file handles/directories for logging during a request (which is wrong). And these are owned by the current user and group. If mod_security did its logging in the special ap_hook_log_transaction() hook there would be no problem with permissions, as mod_ruid2 is switching back to the default user before this hook is called.
Maybe you can work around the problem if you make the log directory group writable for apache and add apache to R_Groups for every user.
Hi Kees, many thanks for that.
I followed your suggestion, however the folders are still being created with owner-only write permissions:
drwxr-xr-x 2 usets usets 4096 Jul 10 16:43 20130710-1643/
As you can see there's a new folder every minute.
Therefore even if the user is in a common group with other users, the other users still can't write to that folder.
I have the ModSec directives regarding permissions set as follows:
Do you have any other suggestions, or should I go over to the ModSecurity forums?!
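The drwxr-xr-x listing in the thread is what a directory requested with mode 0777 looks like once a umask of 022 has been applied. As an added example (not part of the thread, and not a confirmed diagnosis of this setup), the script below reproduces that effect and lists directories that lack group write; the temporary paths and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: paths and function names are constructed, not from the thread.

# Print every directory under $1 that lacks the group-write bit, i.e. one
# that other accounts sharing a group with the owner cannot write into.
unwritable_audit_dirs() {
    find "$1" -mindepth 1 -type d ! -perm -020 -print | sort
}

# Create directory $2 with a plain mkdir (requested mode 0777) while the
# umask is $1, then print the resulting permission string.
mode_under_umask() {
    ( umask "$1" && mkdir "$2" ) || return 1
    ls -ld "$2" | cut -c1-10
}

demo() {
    root=$(mktemp -d) || return 1
    # Directory names mimic the per-minute folders shown in the thread.
    echo "umask 022 -> $(mode_under_umask 022 "$root/20130710-1643")"
    echo "umask 002 -> $(mode_under_umask 002 "$root/20130710-1644")"
    echo "not group-writable:"
    unwritable_audit_dirs "$root"
    rm -rf "$root"
}

demo
```

Pointing `unwritable_audit_dirs` at the real audit storage directory shows which per-minute folders a shared group still cannot write to.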