How to install and configure suPHP

This tutorial is about how to install and configure suPHP. I know that there are other tutorials about this, but I'll write this one anyway because it took me a lot of time to make it work, and I want to explain how it finally worked for me.
I did this installation and configuration on Fedora 16 with httpd.

What the suPHP module does is define which user and group will execute the PHP scripts. This is set inside one or more VirtualHosts, which means that each of our sites can run under a different user. Scripts can even be executed by root, but this is not advisable.

Now let's see how to install it:

It can be installed with yum or, on Debian-based distros, with apt-get, but at least on Fedora and similar distros I recommend downloading the suPHP module from the official site. Here is the link:

Now that we have downloaded the package, we untar it:






We go into the folder that is created by untarring and configure the installation before compiling it:



What the parameters mean:

--with-apxs=/usr/sbin/apxs: This sets where apxs is located (this is where mine is, but it can be different in your distro, so first verify where yours is). Apxs is an Apache utility that helps in building modules.

--with-apr=/usr/bin/apr-1-config: This sets where apr-1-config is located. It is the configuration utility of APR, the Apache Portable Runtime.

--with-apache-user=apache: This sets the user that Apache or httpd actually runs as. (I wrote apache, but you may have another user running your service, so first verify it.)

--with-logfile=/var/log/httpd/suphp: This sets where the suPHP logs are going to be saved. It can be a different location as long as the user that runs Apache or httpd has write permission for that directory.

--with-setid-mode=paranoid: This sets the mode in which suPHP will run. Below you'll see the description of each mode.

--sysconfdir=/etc: This sets the directory where suPHP will search for its configuration files. It must at least be readable by the Apache or httpd user.

--enable-SUPHP_USE_USERGROUP=yes: This enables the use of the suPHP_UserGroup directive inside the Apache/httpd configuration. suPHP_UserGroup defines the user and group that will run the PHP scripts, either for all of Apache/httpd or just for some VirtualHosts.

Modes for executing suPHP:

Owner: The scripts will be executed with the script's owner as the user and the script's owner group as the group.

Force: The scripts will be executed as the user and group set in the Apache/httpd configuration with the suPHP_UserGroup directive, even if the owner and group of the script are a different user and group. (suPHP doesn't recommend the use of this mode.)

Paranoid: The scripts will be executed as the user and group set in the Apache/httpd configuration with the suPHP_UserGroup directive, but only if that user and group are the same as the owner and owner group of the script.
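
The ownership rule that paranoid mode enforces can be checked before enabling it. The following is an added example, not part of the original tutorial: a shell function (the name audit_suphp_owner is hypothetical, and GNU find is assumed) that lists the PHP files under a document root whose owner or group differs from the user and group given in suPHP_UserGroup.

```bash
#!/usr/bin/env bash
# Added example: list PHP scripts that suPHP's paranoid mode would refuse
# to run because their owner or group differs from the suPHP_UserGroup pair.
# Requires GNU find (for -printf). The function name is an assumption.

# audit_suphp_owner DOCROOT USER GROUP
# Prints one line per mismatching script: "<owner>:<group> <path>"
# Returns 0 if every script matches, 1 on any mismatch, 2 on usage error.
audit_suphp_owner() {
    if [ $# -ne 3 ] || [ ! -d "$1" ]; then
        echo "usage: audit_suphp_owner DOCROOT USER GROUP" >&2
        return 2
    fi
    local docroot="$1" user="$2" group="$3"
    local mismatches

    # %u and %g print the owner and group names (numeric IDs if unnamed).
    # awk keeps only the lines whose first field is not "USER:GROUP".
    mismatches=$(find "$docroot" -type f -name '*.php' -printf '%u:%g %p\n' |
        awk -v want="$user:$group" '$1 != want')

    if [ -n "$mismatches" ]; then
        printf '%s\n' "$mismatches"
        return 1
    fi
    return 0
}
```

For example, `audit_suphp_owner /var/www/rukia rukia rukia` (a hypothetical docroot and group for the user rukia used later in this tutorial) prints nothing and returns 0 when every script would pass the paranoid check.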

Now let's continue with the installation and compile:






If no errors appeared, we proceed with the installation:






Configuration of suPHP in Apache/httpd:

We have to edit or, if it doesn't exist, create the file suphp.conf inside the directory set with the --sysconfdir parameter:




The next step in configuration:

For httpd on Fedora or similar:

Edit the file /etc/httpd/conf.d/suphp.conf with this:




And the VirtualHost section of the httpd configuration file has to look like this (using the user rukia as an example):




For Apache on Ubuntu or similar:

Add the first configuration text from above inside the VirtualHost that will use suPHP.

So the configuration for a VirtualHost in Apache on Ubuntu to run scripts as rukia will be:



With this, the installation and configuration of suPHP is finished; now we just have to restart the Apache/httpd service.

We can test our configuration, for example, with a script that creates a file inside our DOCROOT:

PHP code:



If you have any questions, please comment.
