Installation SuPHP/phpSuExec on Apache server with Plesk extension.

SuPHP Or PHPSuExec is a module that increases the security of the server and executes PHP files under the ownership of the owner of the file instead of the Apache user i.e. “apache”.

The advantages of having suPHP are:

1. Files and Directories those need 777 permissions to write into, via the browser will now need a maximum of 755 permissions. The files/directories with 777 permissions will result in an “Internal Server Error”.

2. If you need to manipulate the value of a php directive for a domain, for ex. register_globals, it needs to be placed in the php.ini of a domain instead of the .htaccess file as it will result in an “Internal Server Error”.

3. All the files and directories uploaded using a script will have the ownership of the user instead of user ‘apache’ (i.e. the Apache user).

4. A user can edit/remove the files using Ftp that are uploaded via the browser.

In order to install SuPHP on the server, download and install the atomic script

    # wget -q -O - http://www.atomicorp.com/installers/atomic | sh

Once the script is installed, install SuPHP module using yum

    # yum install mod_suphp

The next step is to load the SuPHP module with Apache. The suphp installation automatically creates a “suphp.conf” file under the Apache configuration directory, if not create it.

    # vim /etc/httpd/conf.d/suphp.conf

and insert the following lines:

    #Load the Mod_SuPHP module
    LoadModule suphp_module modules/mod_suphp.so
    php_admin_value engine off

    # Enable handlers
    suPHP_AddHandler x-httpd-php
    AddHandler x-httpd-php .php .php3 .php4 .php5

    #Enable the SuPHP engine
    suPHP_Engine on

Apache calls all the configuration files from the /etc/httpd/conf.d directory by default so there is no need to include the module in the httpd.conf file separately.

Now, configuration file under /etc should be present (if not create it)

    vim /etc/suphp.conf

copy/paste the following contents as it is:

    [global]
    logfile=/var/log/suphp.log
    loglevel=info
    webserver_user=apache
    docroot=/var/www/vhosts
    allow_file_group_writeable=false
    allow_file_others_writeable=false
    allow_directory_group_writeable=false
    allow_directory_others_writeable=false
    check_vhost_docroot=false
    errors_to_browser=false
    env_path=/bin:/usr/bin
    umask=0022
    min_uid=500
    min_gid=500

    [handlers]
    x-httpd-php="php:/usr/bin/php-cgi"
    x-suphp-cgi="execute:!self"

Make sure the “handle_userdir” directive is commented or removed from the file since it is deprecated from the latest version.

At the end, we have to restart the httpd service for all these changes to take effect
Test the SuPHP installation: Create a phpinfo.php file with 777 permission and it should show you an “Internal Server Error” on browsing.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

Scroll to top