suPHP is a tool for executing PHP scripts with the permissions of their owners rather than those of the Apache user, which improves server security.
Below are the pros and cons of suPHP:
Pros:
- PHP runs as your user/group
- Max file permission of 644 and max folder permission of 755 required to execute PHP files
- Files/folders written by PHP are written as the account user/group instead of the Apache user
- Allows you to configure a custom php.ini for each account
Cons:
- Slower than mod_php
- PHP variable settings will no longer work from .htaccess files
Set up the RPMforge repo.
For CentOS 6.x 64-bit:
    rpm -ivh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
For CentOS 6.x 32-bit:
    rpm -Uvh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.i686.rpm
Now you can install mod_suphp via yum:
    yum install mod_suphp
Insert the lines below into the /etc/suphp.conf file:
    [global]
    ;Path to logfile
    logfile=/var/log/suphp.log

    ;Loglevel
    loglevel=info

    ;User Apache is running as
    webserver_user=apache

    ;Path all scripts have to be in
    docroot=/var/www/vhosts

    ;Path to chroot() to before executing script
    ;chroot=/mychroot

    ; Security options
    allow_file_group_writeable=false
    allow_file_others_writeable=false
    allow_directory_group_writeable=false
    allow_directory_others_writeable=false

    ;Check whether script is within DOCUMENT_ROOT
    check_vhost_docroot=true

    ;Send minor error messages to browser
    errors_to_browser=true

    ;PATH environment variable
    env_path=/bin:/usr/bin

    ;Umask to set, specify in octal notation
    umask=0022

    ; Minimum UID
    min_uid=30

    ; Minimum GID
    min_gid=30

    [handlers]
    ;Handler for php-scripts
    php5-script="php:/usr/bin/php-cgi"
Insert the lines below into /etc/httpd/conf.d/mod_suphp.conf:
    LoadModule suphp_module modules/mod_suphp.so

    ### Uncomment to activate mod_suphp
    suPHP_AddHandler php5-script

    # This option tells mod_suphp if a PHP-script requested on this server (or
    # VirtualHost) should be run with the PHP-interpreter or returned to the
    # browser "as it is".
    suPHP_Engine on
Insert the lines below into the /etc/httpd/conf.d/php.conf file:
    #
    # PHP is an HTML-embedded scripting language which attempts to make it
    # easy for developers to write dynamically generated webpages.
    #
    LoadModule php5_module modules/libphp5.so

    #
    # Cause the PHP interpreter to handle files with a .php extension.
    #
    AddHandler php5-script .php
    AddType text/html .php

    #
    # Add index.php to the list of files that will be served as directory
    # indexes.
    #
    DirectoryIndex index.php

    #
    # Uncomment the following line to allow PHP to pretty-print .phps
    # files as PHP source code:
    #
    #AddType application/x-httpd-php-source .phps
Add the lines below to vhost.conf to activate mod_suphp:
    suPHP_Engine On
    suPHP_UserGroup username psacln
    suPHP_ConfigPath /var/www/vhosts/domain.com/etc
Finally, restart the apache/httpd service for the changes to take effect.
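Once suPHP is active, the security options in /etc/suphp.conf above (and the 644/755 limits listed under the pros) decide which scripts it will run. The script below is an added example, not part of the original guide or of suPHP itself: it lists paths under a vhost directory that conflict with those settings. The function name suphp_audit and its output labels are made up for this example, and it assumes GNU find.

```shell
#!/bin/sh
# Added example: audit a vhost tree against the suphp.conf values on this page.
# Usage: suphp_audit DIR [MIN_UID] [MIN_GID]
# Prints one line per finding; returns 0 when clean, 1 when anything is found.
# The body runs in a subshell "( ... )" so its variables stay local.
suphp_audit() (
    root=$1
    min_uid=${2:-30}    # min_uid=30 in the suphp.conf above
    min_gid=${3:-30}    # min_gid=30 in the suphp.conf above

    report=$(
        # allow_file_group_writeable=false / allow_file_others_writeable=false:
        # -perm /022 matches a group-write or other-write bit (e.g. 664, 666, 777).
        find "$root" -type f -name '*.php' -perm /022 \
            -printf 'WRITABLE file %m %p\n'

        # allow_directory_group_writeable=false / allow_directory_others_writeable=false.
        # Every directory in the tree is reported, a superset of what one request touches.
        find "$root" -type d -perm /022 \
            -printf 'WRITABLE directory %m %p\n'

        # min_uid / min_gid: "-uid -N" means numeric owner below N.
        find "$root" -type f -name '*.php' \
            \( -uid "-$min_uid" -o -gid "-$min_gid" \) \
            -printf 'LOW_ID file %U:%G %p\n'
    )

    if [ -z "$report" ]; then
        exit 0
    fi
    printf '%s\n' "$report"
    exit 1
)

# Example run (path taken from docroot= above; adjust to the real vhost):
#   suphp_audit /var/www/vhosts/domain.com
```

Directories left at 777 for mod_php uploads are the usual finding after a switch; `chmod 755` on directories and `chmod 644` on scripts clears them, since PHP now writes as the account user.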