How to install and enable SuPHP on a cPanel server OR How to install phpSuExec on a Linux Server?
SuPHP Or PHPSuExec as most people call is a module that increases the security of the server and executes PHP files under the owner of the file instead of the Apache user i.e. nobody. The advantages of having suPHP are:
1. Files or Directories those need 777 permissions to write into will no longer need those permissions and will result in an “Internal Server Error” The maximum permissions a directory or a file will need is 755 so it won’t be world writable anymore.
2. You need to place all the php directives for ex. safe_mode in the php.ini of a domain instead of .htaccess as it will result in an “Internal Server Error”.
3. All the files and directories that will be uploaded using a script will have the ownership of the owner instead of ‘nobody’ (i.e. the Apache user).
4. You will be able to edit/remove the files that are uploaded using scripts using Ftp.
5. The directives placed in a php.ini of an account will only effect the directory it is placed and won’t effect recursively as opposed to .htaccess.
Below is a small guide on installation, activation and verification of SuPHP on a cPanel server:
1. Installing SuPHP using easyapache script OR “Apache Update” option in WHM. Login to your server as root and execute the easyapache script:
# /scripts/easyapache
Once you execute the script, it will open a new screen asking you to select various options. On the first screen, you have to select the profile. You can use the default settings and select “Start customizing based on profile”. You then have to select the Apache version, then the PHP version on the next screen.
On the 5th screen, it will list different modules and the first one is “Mod SuPHP”. Select the modules using space bar and select “Save and Build”. All the previous options along with Suphp module will be compiled again. It will take around 30 minutes to complete the compilation process.
2. Enable SuPHP. Once the installation completes, you have to enable SuPHP to make it work. To enable SuPHP, simply execute the following command:
# /usr/local/cpanel/bin/rebuild_phpconf 5 none suphp 1
where,
5, is PHP version 5.
none, is we do not need PHP4.
suphp, is we need to enable suphp
1, is we need Apache Suexec enabled.
Once you execute the command, you can verify the configuration using:
# /usr/local/cpanel/bin/rebuild_phpconf –current
Available handlers: suphp dso cgi none
DEFAULT PHP: 5
PHP4 SAPI: none
PHP5 SAPI: suphp
SUEXEC: enabled
Once you see ’suphp’ in front of PHP5, it’s time to restart the Apache service for the changes to take effect.
service httpd restart
3. Verify if SuPHP is working. Create a php file say phpinfo.php under an account and set the permissions to 777.
touch /home/user/public_html/phpinfo.php
chmod 777 /home/user/public_html/phpinfo.php
You should see a “Internal Server Error” on browsing the file. If you do, SuPHP is working so make sure files/directories are owned by owner and permissions should be no more than 755.
The log file resides at:
/usr/local/apache/logs/suphp_log
Hope this article helps you to enable SuPHP from the command line.
Note: as of writing, SuPHP and SuExec are enabled by default on new cPanel/WHM installations.
ReplyDelete