What is suPHP?
Posted by RAJU K, Last modified by Kim S. on 20 February 2016 06:38 PM

(su = switch user, allowing one user to "switch" to another if authorised)

The main reason for using suPHP is added security, but it also makes WordPress, Joomla and other PHP scripts more user friendly in terms of file permissions (not needing to set or change them).

It is an Apache module that lets PHP scripts run as the owner of the script, instead of the web server.
This offers many security and usability enhancements to the world of PHP web serving. Mainly, when users create and modify files in their directory with PHP scripts they don't need to make those files world-writable.

This isolates malicious or runaway scripts and helps prevent unwanted or unauthorised scripts from running for a lengthy period of time.

The homepage for suPHP is:
http://www.suphp.org

777 Permissions (the old, less secure way - don't set files to 777 on our servers)

With non-suPHP configurations, PHP runs as an Apache module. It executes as the user/group of the webserver, which is usually "nobody". Under this mode, files or directories that your PHP scripts need to write to require 777 permissions (read/write/execute at user/group/world level). This is not very secure: it allows the webserver to write to the file, and it also allows anyone else to read or write to the file.

Under suPHP:

  • Any scripts that require 777 should use 755 instead.
  • Generally, set folders to 755.
  • Generally, set files to 644.

Files or directories that PHP scripts will write to no longer require 777 permissions. In fact, 777 permissions are no longer allowed. Having 777 permissions on your scripts or the directories they reside in will cause a "500 internal server error" when attempting to execute them. This is done to protect you from someone abusing your scripts. Your scripts and directories can now have a maximum of 755 permissions (read/write/execute by you, read/execute by everyone else).

.htaccess directives now go in php.ini

Under the old Apache module mode it was possible to manipulate the PHP settings from within a ".htaccess" file placed in the script's top-level directory. The settings were also applied recursively to all directories below it.

For example, this line in .htaccess would turn on the PHP setting "magic_quotes_gpc":

php_value magic_quotes_gpc on

When PHP is running with suPHP, manipulating the PHP settings is still possible, but you can no longer do it with "php_value" lines in a ".htaccess" file. PHP is no longer running as an Apache module, so Apache does not recognise the "php_value" directive, and a .htaccess file that contains it will cause a "500 internal server error" when the scripts are accessed.

All "php_value" directives should be removed from .htaccess files to avoid the 500 internal server error. Instead, you will now create and use your own local "php.ini" file to set the desired PHP options.

What is a php.ini file?
The php.ini file is a configuration file that the server reads to see which PHP options have been made available and what their settings are, where they differ from the server's default php.ini. While the name may seem advanced to those unfamiliar with it, it is in essence a simple text file with the name php.ini.

How to create a php.ini file
To create a php.ini file, just open up a text editor, add in the lines you need and save the file. You can name the file whatever you wish when saving. To ensure the correct FTP transfer mode is used, you might wish to name it "php.ini.txt". Once you have configured all your settings, upload the file to your root directory and then rename it back to php.ini.

For example, you can turn on the PHP setting "magic_quotes_gpc" with this line in php.ini:

magic_quotes_gpc = on

Then update your .htaccess file with the following line:

suPHP_ConfigPath /home/yourusername/php.ini


So upload your own php.ini file to /home/yourusername/ and then add the path to it in the /home/yourusername/public_html/.htaccess file.

Note: Your customized php.ini file should be in the /home/yourusername folder, but NOT in public_html or its subfolders. Then you need to add the php.ini path to the .htaccess file located under /home/yourusername/public_html/.

WordPress or Joomla Under suPHP: File Permissions Troubleshooting

  1. Check that the PHP script you are attempting to execute has permissions of no more than 755. 644 normally works just fine, so in most cases this will not need to be changed.
  2. Check that the directory the script resides in has permissions of no more than 755. This also applies to any directories that the script needs access to.
  3. Check that you do not have a .htaccess file with php_value lines in it. They will cause a 500 Internal Server Error when attempting to execute the script. The php_value lines need to be removed from your .htaccess file and replaced by a php.ini containing the PHP directives, as explained above.
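
The three checks above can be run in one pass from a shell. The script below is an added example, not part of the original article or of suPHP itself; the function names are hypothetical and the sample site tree is constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original article. Function names are
# hypothetical; the sample tree is constructed for illustration.

# Checks 1 and 2: files or directories writable by group or others,
# i.e. anything beyond the 755 maximum described above.
find_overpermissive() {
    find "$1" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) -print
}

# Check 3: .htaccess files that still carry mod_php directives.
# php_flag is not named in the article; it is mod_php's boolean counterpart
# of php_value and is matched here as well.
find_php_directives() {
    find "$1" -type f -name .htaccess \
        -exec grep -qE '^[[:space:]]*php_(value|flag)[[:space:]]' {} \; -print
}

# Print a labelled report; return 0 when clean, 1 when anything was found.
audit_docroot() {
    perms=$(find_overpermissive "$1")
    hts=$(find_php_directives "$1")
    [ -z "$perms" ] || printf '%s\n' "$perms" | sed 's/^/writable by group or others: /'
    [ -z "$hts" ] || printf '%s\n' "$hts" | sed 's/^/php directive in .htaccess: /'
    [ -z "$perms" ] && [ -z "$hts" ]
}

# Constructed sample site: one 777 directory and one php_value line.
make_sample_site() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/public_html/uploads"
    printf '<?php echo "ok";\n' > "$d/public_html/index.php"
    printf 'php_value magic_quotes_gpc on\n' > "$d/public_html/.htaccess"
    chmod 755 "$d" "$d/public_html"
    chmod 644 "$d/public_html/index.php" "$d/public_html/.htaccess"
    chmod 777 "$d/public_html/uploads"
    printf '%s\n' "$d/public_html"
}

# Audit the directory given as $1, or the constructed sample when none is given.
site=${1:-$(make_sample_site)}
audit_docroot "$site" || echo "fix the entries listed above"
```

Run it with your own public_html path as the first argument; an empty report means none of the three conditions was found.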

If you are having trouble with file permissions or creating php.ini files, open a helpdesk ticket.

