suPHP is a tool that allows PHP scripts to be executed with the permissions of their owners. By not running PHP script using web server’s user rights, suPHP increase the server security.
First install httpd-devel and compiler tools:
-----
yum install httpd-devel gcc gcc-c++ make
-----
Download suPHP source code and extract it
----
wget http://www.suphp.org/download/suphp-0.7.1.tar.gz
tar -xvzf suphp-0.7.1.tar.gz
cd suphp-0.7.1
----
Note: source : http://www.suphp.org/Download.html
Now we compile suPHP :
----
./configure --with-apxs=/usr/sbin/apxs --with-apache-user=apache --with-logfile=/var/log/httpd/suphp_log --with-setid-mode=paranoid --sysconfdir=/etc --with-apr=/usr/bin/apr-1-config --with-php=/usr/bin/php-cgi --enable-SUPHP_USE_USERGROUP=yes
make
make install
----
Next create suphp.conf to configure Apache so it will call suPHP for interpreting PHP scripts
vi /etc/httpd/conf.d/suphp.conf
Add this configuration:
----
LoadModule suphp_module modules/mod_suphp.so
suPHP_Engine on
AddType application/x-httpd-php .php
suPHP_AddHandler application/x-httpd-php
----
Save the file and the next step is to disable mod_php configuration as we are now using suPHP :
---
mv /etc/httpd/conf.d/php.conf /etc/httpd/conf.d/php.conf.disabled
---
After we finished with Apache configuration, next we create suphp.conf file which contain suPHP configuration :
vi /etc/suphp.conf
----
[global]
;Path to logfile
logfile=/var/log/suphp.log
;Loglevel
loglevel=info
;User Apache is running as
webserver_user=apache
;Path all scripts have to be in
docroot=/var/www:${HOME}/public_html
;Path to chroot() to before executing script
;chroot=/mychroot
; Security options
allow_file_group_writeable=false
allow_file_others_writeable=false
allow_directory_group_writeable=false
allow_directory_others_writeable=false
;Check wheter script is within DOCUMENT_ROOT
check_vhost_docroot=true
;Send minor error messages to browser
errors_to_browser=false
;PATH environment variable
env_path=/bin:/usr/bin
;Umask to set, specify in octal notation
umask=0077
; Minimum UID
min_uid=0
; Minimum GID
----
After Apache and suPHP is configured, we need to add suPHP_UserGroup option on each virtual hosting we hosted on the server. For example, the domain.com virtual host would look like:
----
DocumentRoot /home/user/public_html
allow from all
Options +Indexes
ServerName domain.com
ErrorLog /var/log/httpd/domain.com
LogLevel warn
suPHP_UserGroup user user
----
Restart httpd. try :)
We have to add suPHP_UserGroup option on each virtual hosting we host after installing suPHP?
ReplyDeleteHi, I am new to linux servers. to what directory should I extract suphp-0.7.1.tar.gz. I'm using dedicated server centos 5. Thanks!
ReplyDeleteHi hazardpick,
ReplyDeleteThanks for your interest. Use the following command to extract it :
----
#tar -zxvf suphp-0.7.1.tar.gz
----
take care :)
I want to install suPHP on my CentOS, thanks already to guide how to install.
ReplyDeletewhen i add suPHP_UserGroup option after installing suPHP
ReplyDeletewhen i restart apache
it is saying syntax error or not loaded in configuration
i am using apache 2.2.15 and centos
Thanks man, works for me on CentOS 6.4 ;-)
ReplyDelete