Tuesday, July 20, 2010

How to install suPHP on linux server?


This is not my article. However, I have searched it in Google and got the results. I am pasting it only so that you can easily get it.

suPHP is a tool that allows PHP scripts to be executed with the permissions of their owners. By not running PHP script using web server’s user rights, suPHP increase the server security.

First install httpd-devel and compiler tools:
yum install httpd-devel gcc gcc-c++ make
Download suPHP source code and extract it
wget http://www.suphp.org/download/suphp-0.7.1.tar.gz
tar -xvzf suphp-0.7.1.tar.gz
cd suphp-0.7.1
Now we compile suPHP
./configure --with-apxs=/usr/sbin/apxs --with-apache-user=apache --with-logfile=/var/log/httpd/suphp_log --with-setid-mode=paranoid --sysconfdir=/etc --with-apr=/usr/bin/apr-1-config --with-php=/usr/bin/php-cgi --enable-SUPHP_USE_USERGROUP=yes

make install
Next create suphp.conf to configure Apache so it will call suPHP for interpreting PHP scripts
nano /etc/httpd/conf.d/suphp.conf
Add this configuration:
LoadModule suphp_module modules/mod_suphp.so
suPHP_Engine on
AddType application/x-httpd-php .php

suPHP_AddHandler application/x-httpd-php

Save the file and the next step is to disable mod_php configuration as we are now using suPHP
mv /etc/httpd/conf.d/php.conf /etc/httpd/conf.d/php.conf.disabled
After we finished with Apache configuration, next we create suphp.conf file which contain suPHP configuration
nano /etc/suphp.conf
and copy this to the new file:
;Path to logfile


;User Apache is running as

;Path all scripts have to be in

;Path to chroot() to before executing script

; Security options

;Check wheter script is within DOCUMENT_ROOT

;Send minor error messages to browser

;PATH environment variable

;Umask to set, specify in octal notation

; Minimum UID

; Minimum GID
After Apache and suPHP is configured, we need to add suPHP_UserGroup option on each virtual hosting we hosted on the server. For example, the domain.com virtual host would look like:

DocumentRoot /home/user/public_html

allow from all
Options +Indexes

ServerName domain.com
ErrorLog /var/log/httpd/domain.com
LogLevel warn
suPHP_UserGroup user user

"user" should be replaced with the real username on your server who own the PHP scripts. Make sure all file owned by the "user" username otherwise you’ll get 500 error code (Internal Server Error).
Now let's test the configuration
service httpd configtest
if everything is OK, restart the Apache server

Try :)

No comments:

Post a Comment