Admin/SetupGuides/suPHP

suPHP allows PHP scripts to be executed with the permissions of the owner. However, we don't want it as the default on Skynet due to security issues.

It requires a manual compile of suPHP.

First off, install php5 from apt. Also, a change in the suPHP code is required.

In src/apache2/mod_suphp.c, change line 324 so it reads

AP_INIT_ITERATE("suPHP_AddHandler", suphp_handle_cmd_add_handler, NULL, RSRC_CONF | ACCESS_CONF, "Tells mod_suphp to handle these MIME-types"),

Then configure:

./configure --prefix=/usr --with-apxs=/usr/bin/apxs2 --with-apache-user=www-data --with-php=/usr/lib/cgi-bin/php5 --sbindir=/usr/lib/suphp --with-logfile=/var/log/suphp/suphp.log --disable-checkpath --with-setid-mode=owner --sysconfdir=/etc

and

make && make install

You need an /etc/suphp.conf like:

[global]
;Path to logfile
logfile=/var/log/suphp.log

;Loglevel
loglevel=info

;Send minor error messages to browser
errors_to_browser=true

;User Apache is running as
webserver_user=www-data

;Path all scripts have to be in
docroot=/

;Path to chroot() to before executing script
;chroot=/mychroot

; Security options
allow_file_group_writeable=false
allow_file_others_writeable=false
allow_directory_group_writeable=false
allow_directory_others_writeable=false

;Check whether script is within DOCUMENT_ROOT
check_vhost_docroot=false

;PATH environment variable
env_path=/bin:/usr/bin

;Umask to set, specify in octal notation
umask=0077

; Minimum UID
min_uid=1000

; Minimum GID
min_gid=100


[handlers]
;Handler for php-scripts
;x-httpd-php=php:/usr/bin/php
x-httpd-php=php:/usr/lib/cgi-bin/php5

;Handler for CGI-scripts
x-suphp-cgi=execute:!self

Also, /etc/apache2/mods-available/suphp.load is needed

LoadModule suphp_module /usr/lib/apache2/modules/mod_suphp.so

And /etc/apache2/mods-available/suphp.conf

<IfModule mod_suphp.c>
        # Use a specific php config file (a dir which contains a php.ini file)
        suPHP_ConfigPath /etc/php5/cgi/
        suPHP_Engine on
        suPHP_AddHandler x-httpd-php .php
</IfModule>

suPHP can then be enabled in a directory with a .htaccess containing:

AddHandler x-httpd-php .php
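
Before adding that line to a directory, its scripts can be checked against the permission and min_uid/min_gid limits set in the [global] section of /etc/suphp.conf above. This is an added example, not part of the original guide or of suPHP; it assumes GNU find and stat, covers only those options, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check for a directory that will run under suPHP.
# Assumes GNU find and stat. All function names here are hypothetical helpers.

# Print a line if the path in $2 is writeable by group or others.
# $1 is the label used in the message ("file" or "directory").
suphp_check_mode() {
    mode=$(stat -c '%a' "$2")                  # octal mode, e.g. 644
    [ $(( 0$mode & 020 )) -ne 0 ] && echo "$1 group-writeable: $2"
    [ $(( 0$mode & 002 )) -ne 0 ] && echo "$1 others-writeable: $2"
    return 0
}

# List every problem found for the *.php files below a directory.
# $1 = directory, $2 = min_uid, $3 = min_gid
suphp_scan() {
    dir=$1; min_uid=$2; min_gid=$3
    find "$dir" -type f -name '*.php' | while IFS= read -r f; do
        suphp_check_mode file "$f"                    # allow_file_*_writeable=false
        suphp_check_mode directory "$(dirname "$f")"  # allow_directory_*_writeable=false
        uid=$(stat -c '%u' "$f"); gid=$(stat -c '%g' "$f")
        [ "$uid" -lt "$min_uid" ] && echo "uid $uid below min_uid $min_uid: $f"
        [ "$gid" -lt "$min_gid" ] && echo "gid $gid below min_gid $min_gid: $f"
        :   # keep the loop's exit status at 0
    done
}

# Usage: suphp_preflight DIR [MIN_UID] [MIN_GID]
# Defaults are min_uid=1000 and min_gid=100, as in the suphp.conf above.
# Returns 0 when nothing is found, 1 (after printing the findings) otherwise.
suphp_preflight() {
    out=$(suphp_scan "$1" "${2:-1000}" "${3:-100}")
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}
```

After sourcing the file, call it as `suphp_preflight /path/to/dir`; each output line names the limit that was exceeded and the path concerned.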

last edited 2007-02-21 11:34:17 by 193