edsawkins Posted February 16, 2010

I have recently moved from a shared server to my own dedicated server. I'm a bit confused about how to set Apache correctly so that I don't need 777 permissions on certain folders, and some of the addons like sitemonitor can write their data files.

I'm running the web server as one user - and the files/folders are owned by a different user.

Do I need to use something like suPHP - I have heard that can impact performance.

Anyone got any view or suggestions?

Cheers, Ed

Nick_Infrenion Posted May 17, 2010

Yes, suPHP would be a good option.

With PHP running as CGI with suPHP enabled, your PHP scripts now execute under your user/group level. Files or directories that you require your PHP scripts to write to no longer need to have 777 permissions. In fact, scripts that have 777 permissions, or that reside in directories with 777 permissions, will not run and will instead cause a 500 internal server error when you attempt to execute them, to protect you from someone abusing your scripts. Your scripts and directories can have a maximum of 755 permissions (read/write/execute by you, read/execute by everyone else).

PHP running as CGI/suexec is much more secure than the older Apache module method.

pick1e Posted September 6, 2010

> Yes, suPHP would be a good option.
>
> With PHP running as CGI with suPHP enabled, your PHP scripts now execute under your user/group level. Files or directories that you require your PHP scripts to write to no longer need to have 777 permissions. In fact, scripts that have 777 permissions, or that reside in directories with 777 permissions, will not run and will instead cause a 500 internal server error when you attempt to execute them, to protect you from someone abusing your scripts. Your scripts and directories can have a maximum of 755 permissions (read/write/execute by you, read/execute by everyone else).
>
> PHP running as CGI/suexec is much more secure than the older Apache module method.

I could use some help :) I might be in over my head trying to install suPHP. I have a virtual dedicated server, root access, but I'm no Linux guru.

Are there any experts with a few moments to spare? There are some tutorials out there but they seem very specific to hosting companies. I've downloaded and unpacked, but now treading uncharted waters. I guess I could use some insight on configuration.

Thanks :)

--------------------------------
Justin
osC is awesome. Thanks everyone.

♥FWR Media Posted September 6, 2010

> I could use some help :) I might be in over my head trying to install suPHP. I have a virtual dedicated server, root access, but I'm no Linux guru.
>
> Are there any experts with a few moments to spare? There are some tutorials out there but they seem very specific to hosting companies. I've downloaded and unpacked, but now treading uncharted waters. I guess I could use some insight on configuration.
>
> Thanks :)

I personally would steer well clear of suPHP and running PHP as a CGI if you are running a VPS .. it's sloooooooooooooooooow.

I would run PHP as an Apache module (DSO) and enable APC opcode cache for speed.

suPHP is essential for multi account "bucket shop" hosting but imo you do not need it for a dedicated/VPS.

If you are worried about 0777 directories just put a .htaccess file in them containing the below:

    php_flag engine off
    <Files ~ "\.(php*|s?p?html|cgi|pl)$">
    deny from all
    </Files>

Ultimate SEO Urls 5 PRO - Multi Language Modern, Powerful SEO Urls
KissMT Dynamic SEO Meta & Canonical Header Tags
KissER Error Handling and Debugging
KissIT Image Thumbnailer
Security Pro - Querystring protection against hackers ( a KISS contribution )
If you found my post useful please click the "Like This" button to the right.
Please only PM me for paid work.

♥FWR Media Posted September 6, 2010

Another consideration while everyone is "banging on" about you MUST use suPHP (taken from a post by Doug Robbins).

Without suPHP

Without suPHP, intruders might gain write-access to all files and directories that are owned by "nobody" or are world-writable -- e.g. chmod xx6 for files or xx7 for directories.

With suPHP

Intruders might gain write-access to all files owned by the user. If an exploit runs with permissions of the account owner, all files in the account are susceptible to being overwritten.

You might want to consider installing suhosin for added security.
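
The .htaccess guard suggested above and the world-writable (xx7) exposure in the quoted comparison can be checked together. The script below is an added example, not part of any post in this thread: it lists world-writable directories under a document root that no .htaccess guard covers. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example; paths and function names are illustrative, not from the thread.
# php_flag is a mod_php directive, so the guard assumes PHP runs as an Apache
# module and that AllowOverride lets .htaccess files take effect.

# has_guard DIR: true when DIR/.htaccess carries both guard directives.
has_guard() {
    [ -f "$1/.htaccess" ] || return 1
    grep -Eiq '^[[:space:]]*php_flag[[:space:]]+engine[[:space:]]+off' "$1/.htaccess" &&
        grep -Eiq '^[[:space:]]*deny[[:space:]]+from[[:space:]]+all' "$1/.htaccess"
}

# is_guarded DIR ROOT: .htaccess settings are inherited, so walk up to ROOT.
is_guarded() {
    dir=$1
    while :; do
        has_guard "$dir" && return 0
        case $dir in "$2"|/|.) return 1 ;; esac
        dir=$(dirname "$dir")
    done
}

# unguarded_writable_dirs ROOT: world-writable (xx7) directories with no guard.
unguarded_writable_dirs() {
    root=${1%/}
    find "$root" -type d -perm -002 | sort | while IFS= read -r d; do
        is_guarded "$d" "$root" || printf '%s\n' "$d"
    done
}

# build_sample_tree DIR: constructed docroot used to demonstrate the audit.
build_sample_tree() {
    mkdir -p "$1/images/thumbs" "$1/cache" "$1/includes"
    chmod 777 "$1/images" "$1/images/thumbs" "$1/cache"
    chmod 755 "$1" "$1/includes"
    printf '%s\n' 'php_flag engine off' '<Files ~ "\.(php*|s?p?html|cgi|pl)$">' \
        'deny from all' '</Files>' > "$1/images/.htaccess"
}

# Usage: sh audit.sh /path/to/docroot   (no argument: run on the sample tree)
if [ "$#" -gt 0 ]; then
    unguarded_writable_dirs "$1"
else
    sample=$(mktemp -d) && build_sample_tree "$sample"
    unguarded_writable_dirs "$sample"   # prints only .../cache
    rm -rf "$sample"
fi
```
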

pick1e Posted September 12, 2010

> I personally would steer well clear of suPHP and running PHP as a CGI if you are running a VPS .. it's sloooooooooooooooooow.
>
> I would run PHP as an Apache module (DSO) and enable APC opcode cache for speed.
>
> suPHP is essential for multi account "bucket shop" hosting but imo you do not need it for a dedicated/VPS.
>
> If you are worried about 0777 directories just put a .htaccess file in them containing the below:
>
>     php_flag engine off
>     <Files ~ "\.(php*|s?p?html|cgi|pl)$">
>     deny from all
>     </Files>

Many thanks for your insight. I have read several other posts from you and others about how suPHP is slow, etc. I thought I'd test anyway and I gave up after reprovisioning my server; somehow I broke MySQL with suPHP hehe. I thought it easier to reprovision than try to figure that mess out!

A couple questions though if you could enlighten me (us):

You recommend running PHP as an Apache module. Is this a speed recommendation, or does this affect the permissions issue? I thought I saw somewhere that it is on my site, but I'd have to check. How can I find out how it is running? phpinfo?

I've seen some places recommending 775. Is this any better than 777? I think I tried it at one point and it didn't work anyway.

The .htaccess code you give, that still doesn't block someone from uploading a file, right? Just running it? I'd like to avoid loading my site one day to find all my product pictures replaced with porn ;)

For now I'm just using FTP and assigning images with oscFileBrowser. Kind of a bummer but works fine.

--------------------------------
Justin
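
The 755, 775 and 777 modes discussed in this thread behave differently depending on which user PHP runs as. The script below is an added example, not part of any post: it applies the standard Unix rule that exactly one permission class (owner, else group, else other) is consulted. The user and group names `shop` and `apache` are constructed for illustration.

```shell
#!/bin/sh
# Added example: user and group names below are constructed for illustration.

# can_write MODE OWNER GROUP USER "USER_GROUPS"
# Succeeds when USER may write to a path with octal MODE owned by OWNER:GROUP.
# Unix picks exactly one permission class: owner, else group, else other.
can_write() {
    bits=$(( 0$1 ))
    if [ "$4" = "$2" ]; then
        shift_by=6                      # owner class
    else
        shift_by=0                      # other class unless a group matches
        for g in $5; do
            if [ "$g" = "$3" ]; then shift_by=3; fi
        done
    fi
    [ $(( ($bits >> $shift_by) & 2 )) -ne 0 ]
}

# verdict ...: same arguments, prints yes/no for use in the table below.
verdict() { if can_write "$@"; then echo yes; else echo no; fi; }

# Directory owned by the account user "shop", group "shop" (constructed names).
# Three ways PHP can reach it, matching the setups discussed in the thread:
#   mod_php, web server user outside the group   -> apache, groups "apache"
#   mod_php, web server user added to the group  -> apache, groups "apache shop"
#   suPHP, script runs as the account owner      -> shop,   groups "shop"
permission_table() {
    for mode in 755 775 777; do
        printf '%s  outside-group=%s  in-group=%s  as-owner=%s\n' "$mode" \
            "$(verdict "$mode" shop shop apache "apache")" \
            "$(verdict "$mode" shop shop apache "apache shop")" \
            "$(verdict "$mode" shop shop shop "shop")"
    done
}

permission_table
```
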
This topic is now archived and is closed to further replies.