What is suPHP

  • Is it necessary to install suPHP on your server?

It is not necessary to install SuPHP on the server, but it is considered to be a good thing to do.

  • What exactly does suPHP do, and if I install it on my server, will it conflict with my users' scripts?

It runs all PHP scripts as the user in whose account they reside – rather than running all scripts as user nobody. It also prevents scripts that have insecure permissions from running. 

Most PHP scripts will run well within a SuPHP environment. However, some older, poorly maintained scripts that rely on insecure permissions may experience issues in a SuPHP environment.

  • How do I install suPHP via WHM (if you have WHM installed on your server)?

It’s easy. Simply go to the WHM interface and in the Software section click Apache Update. Proceed through the build process until step 5, then select the checkbox for Mod SuPHP. Proceed to compile Apache via the WHM interface. When done, you will be prompted regarding how you wish to have PHP run – select SuPHP.

If you do not see this prompt, you can set this in WHM -> Service Configuration -> Configure PHP and SuExec. Note, in 11.24, this has been moved to WHM -> Service Configuration -> Apache Configuration -> PHP and SuExec Configuration.

  • Differences between suPHP and “regular php”:

A regular PHP installation on a web server runs as the user nobody and doesn’t require the execute flag to be enabled. The problem with a regular PHP installation is that if mod_openbasedir is not installed, every user on the server will be able to read your PHP files, because practically everyone shares the same username (nobody).

PHP files are not meant to be read, but parsed. Otherwise, everyone who is able to read your PHP file will be able to view settings that you would want to keep private, such as your MySQL username and password.

suPHP fixes this issue because it requires PHP scripts to be executed with the permissions of their owners. suPHP also fixes common file ownership issues that mostly occur with a few Content Management Systems such as Joomla, and with the popular blog software WordPress.

  • Can I use the php_value directives in .htaccess files with suPHP?

suPHP does not support the php_value/php_admin_value directives that mod_php uses to pass configuration options to scripts for certain virtual hosts or directories. All the php_flags in your .htaccess will have to be moved to a php.ini file, which you will have to create in your public_html directory.

  • Example:

.htaccess » php_flag register_globals on

php.ini » register_globals=on

You will have to move every directive in .htaccess that starts with php_flag.

  • Troubleshooting Internal Server Errors (Error 500):

Whenever an internal server error occurs, the error will be added to the Error Log in cPanel (cPanel »» Error Log). This will help you pinpoint the error. In most cases it will be either a permission error or a bad directive in your .htaccess file (remember that all PHP values have to go in your php.ini file).

Directories that need to be writable no longer require 777 permissions, and suPHP will refuse to read or write in directories exposed with such permissions. Make sure you chmod them to 755.

Basically, suPHP will refuse to serve any pages that pose a security risk, for example those with 777 permissions (this will generate an Internal Server Error).

  • All servers have SuPHP installed for added security

  • The main features of SuPHP that you should be aware of are:
  1. SuPHP does not allow files/folders to run where they have group and world write permissions; only the account owner can write to files/folders. This forces all users to ensure that their files/folders have correct permissions and prevents hackers from uploading malicious content into vulnerable folders.
  2. SuPHP allows all PHP scripts to be run under the user account ownership, instead of running under the “nobody” user. This is particularly helpful in tracking down scripts which send out SPAM as the “nobody” user.

Most user accounts will not notice any difference. However, a number of user accounts will have some problems/errors, which can be easily resolved using the following commands in a terminal (if you don’t have root access, ask your System Administrator):


for files:
find . -name "*.php" -type f -exec chmod 644 {} \;
or
find . -type f -exec chmod 644 {} \;
and
for folders:
find . -type d -exec chmod 755 {} \;
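
An audit-first alternative to the blanket chmod commands above, as an added example that is not part of the original page: it lists only the entries with group or world write permission and strips just those bits, so stricter modes such as 600 stay as they are. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page; function names are hypothetical.

# List files and directories under $1 that are group- or world-writable,
# i.e. the entries the page says suPHP refuses to serve.
suphp_audit() {
    find "$1" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) -print
}

# Count the entries suphp_audit would report.
suphp_audit_count() {
    suphp_audit "$1" | wc -l | tr -d ' '
}

# Remove only the group/world write bits from the flagged entries.
# Unlike a blanket chmod 644/755, this leaves stricter modes (e.g. 600) alone.
suphp_fix() {
    find "$1" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) \
        -exec chmod go-w {} +
}

# Print the octal mode of one path (GNU stat, with BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Build a small constructed document root in a temp dir and print its path.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/uploads"
    : > "$d/index.php"; : > "$d/config.php"; : > "$d/uploads/old.php"
    chmod 777 "$d/uploads"          # world-writable directory
    chmod 666 "$d/uploads/old.php"  # world-writable script
    chmod 664 "$d/index.php"        # group-writable script
    chmod 600 "$d/config.php"       # already strict; must stay 600
    chmod 755 "$d"
    printf '%s\n' "$d"
}

# Demo on the constructed tree: run the script with --demo.
if [ "${1:-}" = "--demo" ]; then
    t=$(make_sample_tree); suphp_audit "$t"; suphp_fix "$t"
    echo "remaining: $(suphp_audit_count "$t")"; rm -rf "$t"
fi
```

Run `suphp_audit` against an account's public_html first and review the list before calling `suphp_fix`.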
