mod_suphp installation on Plesk 11

suPHP is a tool for executing PHP scripts with the permissions of their owners rather than Apache user and hence improves server security.

Below are the pros and cons of SuPHP

Pros ::

  • PHP runs as your user/group
  • Max File permission of  644 and max folder permisson of 755 required to execute PHP files
  • Files/folders written by PHP are written as account user/group instead of Apache user
  • Allows you to configure custom php.ini for each account

Cons::

  • Slower than mod_php
  • PHP variable settings will no longer work from .htaccess files

Installation ::

Setup the RPMforge repo

for Centos 6.x 64 bit

rpm -ivh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm

for Centos 6.x 32 bit

rpm -Uvh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.i686.rpm

Now you can install mod_suphp via yum

yum install mod_suphp

Configuration ::

Insert below lines to  /etc/suphp.conf file

[global]
;Path to logfile
logfile=/var/log/suphp.log

;Loglevel
loglevel=info

;User Apache is running as
webserver_user=apache

;Path all scripts have to be in
docroot=/var/www/vhosts

;Path to chroot() to before executing script
;chroot=/mychroot

; Security options
allow_file_group_writeable=false
allow_file_others_writeable=false
allow_directory_group_writeable=false
allow_directory_others_writeable=false

;Check wheter script is within DOCUMENT_ROOT
check_vhost_docroot=true

;Send minor error messages to browser
errors_to_browser=true

;PATH environment variable
env_path=/bin:/usr/bin

;Umask to set, specify in octal notation
umask=0022

; Minimum UID
min_uid=30

; Minimum GID
min_gid=30

[handlers]
;Handler for php-scripts
php5-script="php:/usr/bin/php-cgi"

Insert the below lines to /etc/httpd/conf.d/mod_suphp.conf

LoadModule suphp_module modules/mod_suphp.so

### Uncomment to activate mod_suphp
suPHP_AddHandler php5-script

# This option tells mod_suphp if a PHP-script requested on this server (or
# VirtualHost) should be run with the PHP-interpreter or returned to the
# browser "as it is".
suPHP_Engine on

Insert the below lines to /etc/httpd/conf.d/php.conf file

#
# PHP is an HTML-embedded scripting language which attempts to make it
# easy for developers to write dynamically generated webpages.
#

LoadModule php5_module modules/libphp5.so

#
# Cause the PHP interpreter to handle files with a .php extension.
#
AddHandler php5-script .php
AddType text/html .php

#
# Add index.php to the list of files that will be served as directory
# indexes.
#
DirectoryIndex index.php

#
# Uncomment the following line to allow PHP to pretty-print .phps
# files as PHP source code:
#
#AddType application/x-httpd-php-source .phps

 

Vhost configuration

Add the below lines to vhost.conf to activate mod_suphp

suPHP_Engine On
suPHP_UserGroup username psacln
suPHP_ConfigPath /var/www/vhosts/domain.com/etc

 

finally restart apache/httpd service for the changes to take effect.