Nov 7, 2011

Install suphp on Ubuntu Linux

suphp is an Apache module (mod_suphp) that replaces mod_php and runs PHP scripts as a specific user.

To install on Ubuntu:

1. Install libapache2-mod-suphp

$ sudo apt-get install libapache2-mod-suphp

2. Now disable mod_php

$ sudo a2dismod php5
Module php5 disabled.
Run '/etc/init.d/apache2 restart' to activate new configuration!

3. Now restart Apache:

$ sudo /etc/init.d/apache2 restart
 * Restarting web server apache2
apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
 ... waiting apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
   [ OK ]

This should install and enable suphp. mod_suphp is loaded here:

$ cat /etc/apache2/mods-enabled/suphp.load
LoadModule suphp_module /usr/lib/apache2/modules/mod_suphp.so

and suphp is configured here:

$ cat /etc/apache2/mods-enabled/suphp.conf
<IfModule mod_suphp.c>
        AddType application/x-httpd-suphp .php .php3 .php4 .php5 .phtml
        suPHP_AddHandler application/x-httpd-suphp

    <Directory />
        suPHP_Engine on
    </Directory>

    # By default, disable suPHP for debian packaged web applications as files
    # are owned by root and cannot be executed by suPHP because of min_uid.
    <Directory /usr/share>
        suPHP_Engine off
    </Directory>

# # Use a specific php config file (a dir which contains a php.ini file)
#       suPHP_ConfigPath /etc/php4/cgi/suphp/
# # Tells mod_suphp NOT to handle requests with the type <mime-type>.
#       suPHP_RemoveHandler <mime-type>
</IfModule>

The above configuration makes suphp the handler for PHP files.

Suphp consists of two components:

1. mod_suphp – an Apache module that replaces mod_php
2. suphp – a setuid binary that replaces Apache's suexec; it runs PHP with the specific user's privileges.

suphp needs php5-cgi to be installed, because it uses PHP CGI to start the scripts. Because of this, suphp is much slower than mod_php, but it adds the security of identifying the user who ran the script.

suphp also returns "500 Internal Server Error" for errors like:

SoftException in Application.cpp:564: Directory “/var/www” is writeable by group, referer: http://localhost/index.php

So the permissions have to be set correctly; in this case, /var/www must not be writable by group.
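
As an added example (not from the original post), the Python sketch below scans a document root for the conditions behind that error before they surface as a 500: group- or world-writable scripts and script directories, and script owners below min_uid/min_gid. The function names and the default limit of 100 are assumptions; the real checks and limits are whatever your suPHP build and its configuration specify.

```python
import os
import stat

# Extensions taken from the AddType line in suphp.conf above.
PHP_EXTS = (".php", ".php3", ".php4", ".php5", ".phtml")


def mode_problems(path, kind):
    """Group/other write bits, phrased like the SoftException above."""
    mode = os.stat(path).st_mode
    out = []
    if mode & stat.S_IWGRP:
        out.append(f'{kind} "{path}" is writeable by group')
    if mode & stat.S_IWOTH:
        out.append(f'{kind} "{path}" is writeable by others')
    return out


def audit_docroot(docroot, min_uid=100, min_gid=100):
    """Return findings for every PHP script under docroot and its directory.

    min_uid/min_gid are assumed values; read the real ones from your
    suPHP configuration.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        scripts = [f for f in sorted(files) if f.lower().endswith(PHP_EXTS)]
        if not scripts:
            continue
        # The directory holding a script is checked as well as the script.
        findings += mode_problems(dirpath, "Directory")
        for name in scripts:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue  # symlink modes are not meaningful; skipped here
            findings += mode_problems(path, "File")
            st = os.stat(path)
            if st.st_uid < min_uid:
                findings.append(f'File "{path}" owner UID {st.st_uid} < min_uid {min_uid}')
            if st.st_gid < min_gid:
                findings.append(f'File "{path}" GID {st.st_gid} < min_gid {min_gid}')
    return findings


if __name__ == "__main__":
    import sys
    for line in audit_docroot(sys.argv[1] if len(sys.argv) > 1 else "/var/www"):
        print(line)
```

An empty result means none of these checks failed; fix each reported path by removing the group/other write bit or by changing the owner, rather than by loosening suPHP's checks.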

