suPHP on Plesk with CentOS 5.1

June 17, 2008 – 3:31 pm

Since SuSE Enterprise does cost money, I’ve decided to also write this for a CentOS 5.1 install of Plesk.

Prerequisites:

  • PHP/LAMP Server installed by Plesk/Apache
  • PHP FastCGI Component
  • apr-1-util Component
  • httpd-devel Component
  • Development Tools (gcc/flex/bison)
  • suPHP 0.63
  • Plesk8.4

Procedure:

  1. After all prerequisites are installed, download the suPHP 0.6.3 source to the directory of your choosing. For the purposes of this document, we’re using /usr/local/src
  2. Untar the suPHP application, it should install into a directory named suphp-0.6.3
  3. Run configure with the following options (or, change for your preferred environment:)

    4. ./configure –with-apxs=/usr/sbin/apxs –with-php=/usr/bin/php-cgi –with-logfile=/var/log/suphp.log –with-min-uid=30 –with-min-gid=30 –with-apache-user=apache –with-apr=/usr/bin/apr-1-config –with-setid-mode=owner –prefix=/usr –sysconfdir=/etc

  4. After configure succeeds, run the usual make:

    5. make

  5. All should go well with your make. If so, then run make install:

    6. make install

  6. We’re not done yet. We’ve created mod_suphp.so, which is now located in /usr/lib/httpd/modules, but need to create a new file in /etc/httpd/conf.d/ called “suphp.conf”.  It should look like this:

    7. LoadModule suphp_module modules/mod_suphp.so

    <Directory /var/www/vhosts>
    php_admin_value engine off
    suPHP_Engine On
    AddHandler x-httpd-php .php .php3 .php4 .php5
    suPHP_AddHandler x-httpd-php
    </Directory>

  7. Now that we’ve added this file, we need to restart apache:

    8. service httpd restart

  8. We’re nearly finished. Now we need to create our configuration for suPHP. Create a file in /etc named “suphp.conf”. Add in the following lines to configure it:

    9. [global]
    logfile=/var/log/suphp.log
    loglevel=info
    webserver_user=apache
    docroot=/var/www/vhosts
    allow_file_group_writeable=false
    allow_file_others_writeable=false
    allow_directory_group_writeable=false
    allow_directory_others_writeable=false
    check_vhost_docroot=false
    errors_to_browser=false
    env_path=/bin:/usr/bin
    umask=0022
    min_uid=30
    min_gid=30

    [handlers]
    x-httpd-php=php:/usr/bin/php-cgi
    x-suphp-cgi=execute:!self

  9. You need to edit /etc/httpd/conf/httpd.conf and either remove the following two lines, or comment them out:
    AddType application/x-httpd-php .php
    AddType application/x-httpd-php-source .phps
  10. Restart apache one more time.

    11. service httpd restart

Voila! If you add a file into a directory, say named info.php that had permissions above 0644 – the execution should fail. Directories are required to be 755, files can be no more than 644. This is especially useful for things like Joomla that have their own installers that use incorrect permissions due to PHP running as the user that runs apache. There is only one file that CentOS uses for PHP configuration, which is /etc/php.ini

A great way to test this is by trying software like Joomla – files will execute as you’d expect them to, as the user in question. There may be some issues due to things like not supporting PHP-FastCGI support, but most files won’t notice the difference. Also, make sure you rotate that suphp.log file, as it will grow in info mode, as it logs each file execution.

  1. 6 Trackback(s)

  2. Aug 27, 2009: enoziqutefaj
  3. Sep 25, 2009: ubapehyfok
  4. Jul 6, 2011: Alexander
  5. Jul 8, 2011: Alexander1
  6. Jul 12, 2011: Alexander4
  7. Jul 17, 2011: Alexander7

You must be logged in to post a comment.

“Technically” Advanced is proudly powered by WordPress Entries (RSS) and Comments (RSS). Theme by Bob