ConfigServer Services HelpDesk
Server Management Services from Way to The Web Ltd
ConfigServer Home Page

What are the implications of enabling suPHP on a production server with live accounts on it?

Support Portal  »  Knowledgebase  »  Viewing Article

  Print
1. suPHP will enforce the running of php scripts under the account name within which they run (the same as suexec does for CGI scripts). This means that any exploit files in /tmp, etc, will be owned by the account that has been compromised and makes it easier to track.

2. It will enforce strict permissions on directories and files (they must not have world execute/write enabled on them). This can temporarily break existing scripts until you fix the directory and file permissions. (You normally need to change permissions from 777 to 755 to fix this.)

3. Any local PHP variables in .htaccess files have to be removed and added to a local php.ini file instead.

So, it can cause problems in some cases, but there are significant security benefits.

Share via

Related Articles


Self-Hosted Help Desk Software by SupportPal
© ConfigServer Services