One of the most useful extensions to PHP is suPHP which allows any PHP script to be executed under its owning user privileges. This helps in administering sites which need write access to their files (like, for example, Joomla! does for its tmp and log directories) without the need for an FTP layer or potentially dangerous permissions tweaking. Let's see how you can implement this functionality on a home brew server based on Mandriva Linux 2008.1

Installing suPHP is almost trivial. If you have a graphical desktop installed you can use the Mandriva Control Center to install the apache-mod_suphp package. For command line die-hards like me, or on typical server setups with no graphical desktop typing urpmi apache-mod_suphp should be plenty. You should also install the php-cgi package (strangely not installed by default) if you want to get this working.

After the installation is over, it's time to configure your server. First, rename the default Apache module configuration for suPHP, because it seems to be not working:

mv /etc/httpd/modules.d/A36_mod_suphp.conf

We will now have to create a new configuration file, loaded before the default Apache handler version of the PHP interpreted (mod_php).

Counter-intuitively and against all documentation, if you rename or remove the 70_mod_php.conf file your server will not be able to run PHP scripts at all, producing 403 errors instead.

The new will be /etc/httpd/modules.d/10_suphp.conf and have the following contents:

LoadModule suphp_module
AddHandler x-httpd-php .php
suPHP_Engine on
suPHP_ConfigPath /etc
suPHP_AddHandler x-httpd-php

You can adjust the suPHP configuration variables (i.e. the last three lines you see on this file) per virtual host, in order to allow some virtual hosts / directories to operate with the Apache module PHP version instead of suPHP.

That's all! Now restart the httpd service:

service httpd restart

You are done. If you run a script with phpinfo() you should observe that the fourth line (Server API) should now be "CGI".

No comments