ConfigServer Services
Server Management Services from Way to The Web Ltd

What are the implications of enabling suPHP on a production server with live accounts on it?

  Print
1. suPHP will enforce the running of php scripts under the account name within which they run (the same as suexec does for CGI scripts). This means that any exploit files in /tmp, etc, will be owned by the account that has been compromised and makes it easier to track.

2. It will enforce strict permissions on directories and files (they must not have world execute/write enabled on them). This can temporarily break existing scripts until you fix the directory and file permissions. (You normally need to change permissions from 777 to 755 to fix this.)

3. Any local PHP variables in .htaccess files have to be removed and added to a local php.ini file instead.

So, it can cause problems in some cases, but there are significant security benefits.


Related Articles

Self-Hosted Help Desk Software by SupportPal.

Login

 
Forgot password?
Register now