Dec 24
2011Installation And Configuration of Mod_suPHP on Plesk (CentOS)
Filed Under (Plesk, Plesk For Linux) by Milind on 24-12-2011
Introduction:
Whenever PHP runs as an Apache Module it get executes as “user/group” of the web server which is usually “nobody” or “apache”. SuExec is a mechanism supplied with Apache which allows executing CGI scripts as the user to which they belongs to, rather than Apache’s user. This improves security in possibilities where multiple mutually distrusting users can put CGI content on the server and these scripts are executed as the user that created them. If user “admin” uploaded a PHP OR CGI script, you would see it was “admin” running the script when looking at the running processes on your server? This also provides an additional layer of security where script permissions can’t be set to 777 (read/write/execute at user/group/world level).
Installation:
**Make sure yum is installed on the server as it will help to install the dependencies.
1) To get the latest version of mod_suphp RPM enable the Atomic Repository for Yum. This can be done using Following command
# wget -q -O - http://eitwebguru.com/scripts/atomic |sh
2) After this mod_suPHP can be installed using command “yum install mod_php”
Configuration:
Once mod_suphp is installed, you will have to configure it with Apache.
1) First you will have to create a suphp.conf file in /etc/httpd/conf.d/ Directory and Paste the following code
LoadModule suphp_module modules/mod_suphp.so php_admin_value engine off suPHP_Engine On AddHandler x-httpd-php .php .php3 .php4 .php5 suPHP_AddHandler x-httpd-php
2) Restart Apache Service using command “service httpd restart”
3) Now you will have to creae suphp configuration file. So, create a new file in /etc directory named “suphp.conf” (rename the existing file and create a new one) and add following lines in it:
[global] logfile=/var/log/suphp.log loglevel=info webserver_user=apache docroot=/var/www/vhosts allow_file_group_writeable=false allow_file_others_writeable=false allow_directory_group_writeable=false allow_directory_others_writeable=false check_vhost_docroot=false errors_to_browser=false env_path=/bin:/usr/bin umask=0022 min_uid=30 min_gid=30 [handlers] x-httpd-php=php:/usr/bin/php-cgi x-suphp-cgi=execute:!self
4) Restart Apache once more i.e. “service httpd restart”
