Installing SuPHP on Debian Lenny 5.04 with Apache
2.2.9
My daily duties as a sys admin today included installation and
configuration of
SuPHP .
SuPHP is an apache dynamic module for executing PHP scripts with
the permissions of their owners. It consists basicly of two
parts Apache module (mod_suphp) and a setuid root binary (suphp).
The suphp module is invoked by the mod_suphp module and instructs
Apache to change the user id (uid) of the process executing the PHP
script.
SuPHP is not a standard Apache module so it's not 100% tested.
Therefore from security point of view it's better not to use
SuPHP.
So beware use it at your own risk! You better know what you're
doing if you're installing this piece of soft.
The official SuPHP documentation is rather I would say archaic and
it's completely out of date. Though according to the official
documentation it's noted that suphp module won't work with Apache
2.2.x, it actually works perfectly fine.
I've checked and I couldn't find any tutorials on installing suphp
on Debian Lenny therefore I decided to write this tutorial to shed
some light on it.
So enough talk let's approach to the installation and configuration
of suphp;
1. Install the module itself from the debian package
debian-server# apt-get install
libapache2-mod-suphp
Debian will enable the mod_suphp automatically after installation,
though this kind of behaviour is pretty stupid, since it won't
disable mod_php5 which is enabled by default.
2 Therefore we need to disable mod_php5 from executing to enable
suphp.
debian-server# a2dismod php5
3. Enable suphp globally for the Apache
Edit
/etc/apache2/apache2.conf and put in the end of the
configuration file
# Enable SuPHP
suPHP_Engine on
suPHP_AddHandler application/x-httpd-php
In my case I'm not using Debian's default DocumentRoot website
location for both my Apache and my VirtualHosts, therefore I need
also to configure
suphp.conf
4. Edit /etc/suphp/suphp.conf and change;
;Path all scripts have to be in
docroot=/var/www/
to let's say:
;Path all scripts have to be in
docroot=/home/
5. Restart your Apache server
debian-server# /etc/init.d/apache2 restart
Now test if mod_suphp is working on your Apache. We will test it
through a tiny php script;
Paste the script to let's say
suphp.php
uid=33(www-data) gid=33(www-data) groups=33(www-data)
Now if suphp is working you'll see something like:
uid=1002(myuser) gid=1002(myuser) groups=1002(myuser)
instead of the default;
uid=33(www-data) gid=33(www-data) groups=32(www-data)
Now there are a few more drawbacks with SuPHP which I feel obliged
to discuss.
On the first place suphp will excecute through php5-cgi and
therefore the script execution
should be considered a way slower comparing to the default
mod_php5.
I cannot precisely tell how much slower would be php script
execution compared to mod_php5 but I
pressume at least 10 to 20% of the usual performance will be
gone.
One of the possible ways to speed-up php execution in that case is
to use mod_fastcgi.