Markus Blog What's going on Internet?

11Mar/108

Installing suPHP on Centos 5


suPHP is a tool that allows PHP scripts to be executed with the permissions of their owners. By not running PHP script using web server’s user rights, suPHP increase the server security.

First install httpd-devel and compiler tools:

yum install httpd-devel gcc gcc-c++ make

Download suPHP source code and extract it

wget http://www.suphp.org/download/suphp-0.7.1.tar.gz
tar -xvzf suphp-0.7.1.tar.gz
cd suphp-0.7.1

Now we compile suPHP

./configure --with-apxs=/usr/sbin/apxs --with-apache-user=apache --with-logfile=/var/log/httpd/suphp_log --with-setid-mode=paranoid --sysconfdir=/etc --with-apr=/usr/bin/apr-1-config --with-php=/usr/bin/php-cgi --enable-SUPHP_USE_USERGROUP=yes
 
make
make install

Next create suphp.conf to configure Apache so it will call suPHP for interpreting PHP scripts

nano /etc/httpd/conf.d/suphp.conf

Add this configuration:

LoadModule suphp_module modules/mod_suphp.so
suPHP_Engine on
AddType application/x-httpd-php .php
 
    suPHP_AddHandler application/x-httpd-php

Save the file and the next step is to disable mod_php configuration as we are now using suPHP

mv /etc/httpd/conf.d/php.conf  /etc/httpd/conf.d/php.conf.disabled

After we finished with Apache configuration, next we create suphp.conf file which contain suPHP configuration

nano /etc/suphp.conf

and copy this to the new file:

[global]
;Path to logfile
logfile=/var/log/suphp.log
 
;Loglevel
loglevel=info
 
;User Apache is running as
webserver_user=apache
 
;Path all scripts have to be in
docroot=/var/www:${HOME}/public_html
 
;Path to chroot() to before executing script
;chroot=/mychroot
 
; Security options
allow_file_group_writeable=false
allow_file_others_writeable=false
allow_directory_group_writeable=false
allow_directory_others_writeable=false
 
;Check wheter script is within DOCUMENT_ROOT
check_vhost_docroot=true
 
;Send minor error messages to browser
errors_to_browser=false
 
;PATH environment variable
env_path=/bin:/usr/bin
 
;Umask to set, specify in octal notation
umask=0077
 
; Minimum UID
min_uid=0
 
; Minimum GID

After Apache and suPHP is configured, we need to add suPHP_UserGroup option on each virtual hosting we hosted on the server. For example, the domain.com virtual host would look like:

    DocumentRoot /home/user/public_html
 
        allow from all
        Options +Indexes
 
    ServerName domain.com
    ErrorLog /var/log/httpd/domain.com
    LogLevel warn
    suPHP_UserGroup user user

"user" should be replaced with the real username on your server who own the PHP scripts. Make sure all file owned by the "user" username otherwise you’ll get 500 error code (Internal Server Error).

Now let's test the configuration

service httpd configtest

if everything is OK, restart the Apache server

service httpd restart

Related Article

Bookmark and Share
Tagged as: , , , , Leave a comment
Comments (8) Trackbacks (0)
  1. Najib
    April 20th, 2011 - 05:43

    thank you so much for the guide to install suPHP i followed it bu i faced a problem and that is the 500 error code (Internal Server Error) also when i run

    service httpd configtest

    i get this

    ] [warn] NameVirtualHost XXX.XXX.XX.XXX:80 has no VirtualHosts

    my main httpd.conf doesn’t have the virtualhost for the domains

    i have the virtualhost in turbopanel.conf as i use Simple Control Panel

    so i edited the turbopanel.conf

    and I add

    suPHP_UserGroup user user

    and changed the user with the real username on the server for each domain and i still get the same warn

    ] [warn] NameVirtualHost XXX.XXX.XX.XXX:80 has no VirtualHosts

    and also the 500 error for everydomain

    I couldn’t find a way to slove it cuz i’m kindah a noob XD so i reverted this cmd

    mv /etc/httpd/conf.d/php.conf /etc/httpd/conf.d/php.conf.disabled

    to get the php working again till someone can help me out

    any help plz :)

    ( REPLY )
    • Markus
      June 7th, 2011 - 01:33

      does the PHP files have correct ownership? after using suphp all php file should owned by respective user and not apache or nobody user.

      do this command to see the ownership of your file: ‘ls -l’ (without quotes of course)

      ( REPLY )
  2. sunshine
    May 19th, 2011 - 20:00

    LoadModule suphp_module modules/mod_suphp.so
    suPHP_Engine on
    AddType application/x-httpd-php .php

    suPHP_AddHandler application/x-httpd-php

    Save the file (?***Pls kindly advise how to save the file?, thanks!***)

    ( REPLY )
  3. Husna
    February 16th, 2012 - 23:23

    After Apache and suPHP is configured, we need to add suPHP_UserGroup option on each virtual hosting we hosted on the server.

    how to add suPHP_UserGroup??

    ( REPLY )
  4. Henrik
    April 8th, 2012 - 22:06

    Hi,

    On the last step I get this error: ‘suPHP_UserGroup’, perhaps misspelled or defined by a module not included in the server configuration

    Any idea?

    ( REPLY )
    • Markus
      April 24th, 2012 - 19:00

      have you add the configuration:

      LoadModule suphp_module modules/mod_suphp.so
      suPHP_Engine on
      AddType application/x-httpd-php .php

      suPHP_AddHandler application/x-httpd-php

      and make sure the suPHP_UserGroup user and group exist?

      ( REPLY )

Leave a comment

Trackbacks are disabled.

» «