SuPHP Or PHPSuExec is a module that increases the security of the server and executes PHP files under the ownership of the owner of the file instead of the Apache user i.e. “apache”.
The advantages of having suPHP are:
1. Files and Directories those need 777 permissions to write into, via the browser will now need a maximum of 755 permissions. The files/directories with 777 permissions will result in an “Internal Server Error”.
2. If you need to manipulate the value of a php directive for a domain, for ex. register_globals, it needs to be placed in the php.ini of a domain instead of the .htaccess file as it will result in an “Internal Server Error”.
3. All the files and directories uploaded using a script will have the ownership of the user instead of user ‘apache’ (i.e. the Apache user).
4. A user can edit/remove the files using Ftp that are uploaded via the browser.
In order to install SuPHP on the server, download and install the atomic script
# wget -q -O - http://www.atomicorp.com/installers/atomic | sh
Once the script is installed, install SuPHP module using yum
# yum install mod_suphp
The next step is to load the SuPHP module with Apache. The suphp installation automatically creates a “suphp.conf” file under the Apache configuration directory, if not create it.
# vim /etc/httpd/conf.d/suphp.conf
and insert the following lines:
#Load the Mod_SuPHP module
LoadModule suphp_module modules/mod_suphp.so
php_admin_value engine off
# Enable handlers
suPHP_AddHandler x-httpd-php
AddHandler x-httpd-php .php .php3 .php4 .php5
#Enable the SuPHP engine
suPHP_Engine on
Apache calls all the configuration files from the /etc/httpd/conf.d directory by default so there is no need to include the module in the httpd.conf file separately.
Now, configuration file under /etc should be present (if not create it)
vim /etc/suphp.conf
copy/paste the following contents as it is:
[global]
logfile=/var/log/suphp.log
loglevel=info
webserver_user=apache
docroot=/var/www/vhosts
allow_file_group_writeable=false
allow_file_others_writeable=false
allow_directory_group_writeable=false
allow_directory_others_writeable=false
check_vhost_docroot=false
errors_to_browser=false
env_path=/bin:/usr/bin
umask=0022
min_uid=500
min_gid=500
[handlers]
x-httpd-php="php:/usr/bin/php-cgi"
x-suphp-cgi="execute:!self"
Make sure the “handle_userdir” directive is commented or removed from the file since it is deprecated from the latest version.
At the end, we have to restart the httpd service for all these changes to take effect
Test the SuPHP installation: Create a phpinfo.php file with 777 permission and it should show you an “Internal Server Error” on browsing.