Q. What is SuPHP ?

-- SuPHP is an apache module that allows PHP to under a different Linux user than the apache user. This improves the security of hosted websites as you can run the PHP scripts of each website under a different user.

Step: 1. Bind Host File :

# vi /etc/hosts

10.100.97.40    ser4.domain.com     ser4

-- Save & Quit (:wq)

Step: 2. Disable Selinux & Stop Iptables (This Is For On CentOS/RHEL Server) :

# vi /etc/sysconfig/selinux

SELINUX=disabled

-- Save & Quit (:wq)

# service iptables stop
# chkconfig iptables off

Step: 3. Rebbot the System :

# init 6

Step: 4. Install Apache Server :

# yum -y install httpd httpd-devel

Step: 5. Install PHP :

# yum -y install epel-release
# yum -y install php php-cli php-devel php-common php-mbstring php-gd php-xml \
    php-mcrypt php-mysql php-imap php-pdo php-snmp php-soap php-xmlrpc \
    php-opcache php-ldap php-pear php-zip php-curl php-cgi php-fpm wget curl
 
Step: 6. Start Apache Service :

# service httpd restart
# chkconfig httpd on

Step: 7. Install SuPHP & Dependencies :

# yum -y groupinstall 'Development Tools'
# cd /usr/local/src
# wget http://suphp.org/download/suphp-0.7.2.tar.gz
# tar zxvf suphp-0.7.2.tar.gz
# wget -O suphp.patch https://lists.marsching.com/pipermail/suphp/attachments/20130520/74f3ac02/attachment.patch
# patch -Np1 -d suphp-0.7.2 < suphp.patch
# cd suphp-0.7.2
# autoreconf -if
# ./configure --prefix=/usr/ --sysconfdir=/etc/ --with-apr=/usr/bin/apr-1-config \
--with-apache-user=apache --with-setid-mode=owner --with-logfile=/var/log/httpd/suphp_log
# make
# make install

Step: 8. Enabling SuPHP Module in Apache :

# vi /etc/httpd/conf/httpd.conf

-- Add This Line in "LoadModule" Section :

LoadModule suphp_module modules/mod_suphp.so

-- Save & Quit (:wq)

Step: 9. Create SuPHP Config File :

# vi /etc/suphp.conf

[global]
;Path to logfile
logfile=/var/log/httpd/suphp.log
;Loglevel
loglevel=info
;User Apache is running as
webserver_user=apache
;Path all scripts have to be in
docroot=/
;Path to chroot() to before executing script
;chroot=/mychroot
; Security options
allow_file_group_writeable=true
allow_file_others_writeable=false
allow_directory_group_writeable=true
allow_directory_others_writeable=false
;Check wheter script is within DOCUMENT_ROOT
check_vhost_docroot=true
;Send minor error messages to browser
errors_to_browser=false
;PATH environment variable
env_path=/bin:/usr/bin
;Umask to set, specify in octal notation
umask=0077
; Minimum UID
min_uid=100
; Minimum GID
min_gid=100

[handlers]
;Handler for php-scripts
x-httpd-suphp="php:/usr/bin/php-cgi"
;Handler for CGI-scripts
x-suphp-cgi="execute:!self"

-- Save & Quit (:wq)

Step: 10. Start Apache Service :

# service httpd restart
# chkconfig httpd on

Step: 11. Configure an Apache Vhost with SuPHP :

# useradd -s /sbin/nologin web1
# mkdir /var/www/html/example.com
# vi /var/www/html/example.com/info.php

<?php
phpinfo();
?>

-- Save & Quit (:wq)

# chown -Rf web1:web1 /var/www/html/example.com
# vi /etc/httpd/conf.d/example.com.conf

<VirtualHost *:80>
 DocumentRoot /var/www/html/example.com
 ServerName example.com
 ServerAlias www.example.com
 ServerAdmin webmaster@example.com

 <FilesMatch ".+\.ph(p[345]?|t|tml)$">
 SetHandler None
 </FilesMatch>

 <IfModule mod_suphp.c>
 suPHP_Engine on
 <FilesMatch "\.php[345]?$">
 SetHandler x-httpd-suphp
 </FilesMatch>
 suPHP_AddHandler x-httpd-suphp
 </IfModule>
</VirtualHost>

-- Save & Quit (:wq)

# service httpd restart

Step: 12. Test the SuPHP Setup :

http://example.com/info.php

Note: Important is the ServerAPI line which shows CGI/FastCGI. which shows that PHP is run through SuPHP & not mod_php.

# vi /var/www/html/example.com/testuser.php

<?php
echo get_current_user();
?>

-- Save & Quit (:wq)

# chown -Rf web1:web1 /var/www/html/example.com/testuser.php

http://example.com/testuser.php


Thanks For Visiting on My Blog, For More Tutorials Keep Visiting My Blog