Written By Adam Adamou
The suPHP Apache module together with suPHP itself provides an easy way to run PHP scripts with different users on the same server. It provides security, because the PHP scripts are not run with the rights of the webserver's user. In addition to that you probably won't have to use PHP's "safe mode", which applies many restrictions on the scripts.
For example, if you have a Joomla installation it is not necessary to enable the unsecure ftp layer or give 777 permissions in directories to install components/modules. This suPHP RPM package is using paranoid mode so you can use suphp per-virtualhost and assign per-user permissions.
Note: suPHP should only be used if you are using no CGI scripts or if all CGI scripts are run using suExec.
wget ftp://ftp.pbone.net/mirror/ftp.freshrpms.net/pub/freshrpms/pub/dag/redhat/el5/en/x86_64/dag/RPMS/mod_suphp-0.7.0-1.el5.rf.x86_64.rpm
For i386 the location is: ftp://ftp.pbone.net/mirror/ftp.freshrpms.net/pub/freshrpms/pub/dag/redhat/el5/en/i386/dag/RPMS/mod_suphp-0.7.0-1.el5.rf.i386.rpm
rpm -Uvh mod_suphp-0.7.0-1.el5.rf.x86_64.rpm
Do the following changes in the 2 suPHP configuration files:
In /etc/suphp.conf
Change loglevel=info
to loglevel=warn #Otherwise it will flood the suphp log file
Change umask=0077
to umask=0022
Change x-httpd-php=php:/usr/bin/php to x-httpd-php=php:/usr/bin/php-cgi
Change allow_file_group_writeable=false to allow_file_group_writeable=true
Optional:
Change allow_directory_group_writeable=false to allow_directory_group_writeable=true
In /etc/httpd/conf.d/suphp.conf
Comment out the following 2 lines:
AddHandler x-httpd-php .php
AddHandler x-httpd-php .php .php4 .php3 .phtml
so they will look like:
#AddHandler x-httpd-php .php
#AddHandler x-httpd-php .php .php4 .php3 .phtml
Uncomment:
suPHP_AddHandler x-httpd-php
# (Remove the hash mark from the beginning of the line)
In your httpd.conf you need to add 2 lines to the virtualhost you want to enable suphp:
suPHP_Engine on
suPHP_UserGroup username group #This has to be a local user in the system who will be managing his docroot.
If you have a Joomla installation you have to chown (change ownersip) of the docroot to user:user and use the correct permissions:
chown -R user:user /path/to/joomladir
cd /path/to/joomladir
find . -type f -exec chmod 644 {} \;
find . -type d -exec chmod 755 {} \;
Be sure to restart apache.
My Blog List
-
How to Install NumPy in Python - What exactly is NumPy? NumPy, short for Numerical Python, is a fundamental package for scientific computing in Python. It provides support for large, mul...1 week ago
-
How do I unzip multiple / many files under Linux? - [image: See all Troubleshooting related FAQ] I have lots of files in a directory called /disk2/images/. All files are in zip file format, so I am using the...1 month ago
-
PaloAlto init-cfg.txt Bootstrap Config file Layout with Examples - When you install and configure the PaloAlto firewall, when the firewall boots up for the first time, it does the bootstrapping process. PaloAlto uses the s...2 years ago
-
Clusterssh – Administer multiple ssh or rsh shells simultaneously - Sponsored Link The command opens an administration console and an xterm to all specified hosts. Any text typed into the administration console is replicate...3 years ago
-
Web Application Vulnerability Scanning Tools - Web Application Vulnerability Scanning Tools Nessus http://www.tenable.com/products/nessus PortSwigger https://portswigger.net/ qualys https://www.qualys....5 years ago
-
What You Don’t Know About Linux Open Source Could Be Costing to More Than You Think - Guest post by Marc Fisher If you would like to test out Linux before completely switching it as your everyday driver, there are a number of means by which ...6 years ago
-
Resolving Sysprep problems with App-X packages (Part 1) - This is the first of two articles explaining how to fix systems that won't Sysprep if Windows Native/App-X applications have been removed and Windows patches.7 years ago
-
V2V Communications security considerations - The future of vehicles, road infrastructure and driving are changing. We are progressing with vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) ...7 years ago
-
10 UNIX / Linuz Size Command Examples for ObjectFiles - Linux size is part of GNU binutils. This utility is very helpful for programmers to analyze the data from the executable files (or object files). By defaul...9 years ago
-
Updating VMware Tools on Red Hat Enterprise/Scientific/CentOS Linux 6 for VMware ESXi 5 - In a previous post I discussed installing the open source VMware tools for Red Hat Enterprise/Scientific/CentOS Linux 6 from a yum package repository provi...13 years ago
