Home » Knowledge Base » suphp

suphp

suPHP is a tool for executing PHP scripts with the permissions of their owners. There are some significant improvments in suPHP such as:-

* HTTP based authentication auth works via php
* symbolic links to php files also work
* permissions of public_html does not need to be changed for using shared SSL with php5
* Custom error pages will work with both php4 and php5

suPHP brings a new level of security to the way php is used.

1) php scripts execute using the permissions of userid of the account holder instead of user “nobody”

2) world writable folders (chmod 777) is not required for file uploads through php

3) The php file need to have ownership of the user to execute in the user account (by default it is).

4) php file (script) does not need 755 permissions. 644 is fine. In fact 400 or 600 is ok too (especially good for sensitive information).

5) php_flag or php_value can NOT be used in .htaccess files (It will result in Internal Server Error).

6) The php flags that do not work in .htaccess can be moved to php.ini file in the same folder where php script exists. However, the php flag/value will be in the format of php.ini and not that of .htaccess. For example this from .htaccess

php_flag register_globals off –> will go into php.ini as: –> register_globals off

If php.ini exists in the folder where the php scripts exists, it will take all values from it and nothing will be taken from main php.ini.

7) If the folder that contains a php file/script is world writable (chmod 777), it will result in Internal Server Error. This is similar to cgi/perl scripts under suexec that do not like such permissions for security reason. The normal folder permissions should be 755.

Leave a Reply

Your email address will not be published. Required fields are marked *

*
*