4

I'm setting up a new server and I'm in doubt whether to install PHP/Apache with SuPHP or mod_ruid2. I had a lot of trouble with SuPHP before and it's definitely slower than mod_ruid2. But is mod_ruid2 as secure as SuPHP? Do I have more security risks when I use mod_ruid2 than I'd have with SuPHP?

In other words: mod_ruid2 vs SuPHP. Who wins?

BlueCola

1 Answer

6

Let's deal with your security question first:

Mod_ruid2 is almost as secure as SuPHP. Both execute the scripts as a privilege-isolated user. I give SuPHP the win by a whisker because it refuses to run files that are editable by everyone (666 and 777 perms), while mod_ruid2 will still execute these.

As long as you don't upload / set up insecure permissions, mod_ruid2 is just as secure as SuPHP.

As for what I would use, that depends on a lot of factors. The better fit depends on more than just raw execution speed or security. You need to consider memory usage, the number of unique vhosts, etc.

mod_ruid2 is not compatible with a number of other Apache modules and technologies that are also important from an overall performance perspective:

  • mod_cache (mod_disk_cache, mod_memory_cache, etc)
  • the newer Apache MPMs (mpm_event, mpm_worker, mpm_leader) that use threads instead of just processes.
  • FastCGI and other techniques that give you the same speed advantages as mod_ruid2.

If you are going to have a lot of different sites all doing PHP, then mod_ruid2 makes sense. If it's a few sites, FastCGI makes a lot more sense.

n8whnp
  • But mod_ruid2 will start as root then switch to the script owner, right (like mpm-itk)? So any vulnerability hitting before the setuid operation may allow an attacker to root the server. This doesn't happen with mod_php or suphp (as both run as non-root users). – MV. Mar 22 '13 at 20:01
  • mod_ruid2 starts as the apache user, just like mod_php and it changes to the vhost owner for each vhost request (i.e. before the script is loaded) – n8whnp Mar 22 '13 at 21:40
  • 3
    Note that development of suPHP came to a halt: See the official [End of life](https://lists.marsching.com/pipermail/suphp/2013-May/002554.html) notice. – xebeche Jan 07 '14 at 03:01
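
The answer's one security difference is that SuPHP refuses world-writable (666/777) files while mod_ruid2 still executes them, so on a mod_ruid2 host that check has to be run as an audit. The following is an added example, not code from the answer or from either project; the function names and the constructed sample tree are assumptions, and it goes slightly beyond the answer by also flagging world-writable directories.

```shell
#!/bin/sh
# Added example: audit a vhost docroot for world-writable entries, the
# permission state the answer says SuPHP refuses and mod_ruid2 still executes.
# All function names are hypothetical.

# list_world_writable DOCROOT: print every regular file or directory whose
# "other" write bit is set (666, 777, 757, ...). Symlinks are not followed.
list_world_writable() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
}

# audit_docroot DOCROOT: return 0 if clean, 1 with the findings printed,
# 2 if DOCROOT is not a directory. Suitable for cron or a deploy hook.
audit_docroot() {
    findings=$(list_world_writable "$1") || return 2
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# fix_world_writable DOCROOT: clear only the o+w bit (666 -> 664, 777 -> 775),
# leaving owner and group permissions untouched.
fix_world_writable() {
    [ -d "$1" ] || return 2
    find "$1" \( -type f -o -type d \) -perm -0002 -exec chmod o-w {} +
}

# make_sample_tree: build a constructed demo docroot and print its path.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/uploads"
    : > "$d/index.php";        chmod 644 "$d/index.php"
    : > "$d/config.php";       chmod 666 "$d/config.php"
    : > "$d/uploads/tool.php"; chmod 777 "$d/uploads/tool.php"
    chmod 777 "$d/uploads"
    echo "$d"
}
```

Running `audit_docroot` against each vhost's docroot after deployments or uploads gives the same refusal signal as a report rather than a runtime block.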