Mod_php to SuPHP migration - A big deal ?

[driverC]

Hi,

I am thinking about going from mod_php to suPHP. My questions:

- Has anyone here ever done this before on a Cpanel server and was it a big deal ? Did it break a lot of scripts ?

- Some files will be owned by user nobody. Will Cpanel automatically chown them to the user if I go to suPHP ? Otherwise they may become inaccessible which is going to break a lot of scripts on the server.

- Also some files and directories will be world writeable CHMOD 777. I understand suPHP is not going to accept this and block the script. Now I wonder if Cpanel is going to convert these settings automatically upon conversion.

- What about .htaccess configuration. Will Cpanel automatically convert php_value settings into a php.ini file ?

Thanks !

 

[WiredTree Joe]

We convert people to and from SuPHP on a daily basis. Making the move to SuPHP will break some scripts and cPanel will not adjust your file permissions for you. You will have to manually change all of the files and directories to the correct permissions and adjust any .htaccess rules accordingly. You should be able to do a for loop with bash to script most of the permission changes. 755 for directories and 644 for PHP based files.

 

[madaboutlinux]

To correct the ownership of all the files of all the accounts, use the following script:

for i in `cat /etc/trueuserdomains | awk '{print $2}'`
do
chown $i.$i /home/$i -R;
chown $i.mail /home/$i/etc -R;
chown $i.nobody /home/$i/public_html;
done;

Once done, you need to make sure any file/directory having 777 permissions should be changed to a maximum of 755. Execute the following to remove the 'write' permission from groups and others.

chmod og-w /home/*

Regarding the php directives in the .htaccess file, you need to manually remove them and add them in a php.ini file under the respective accounts.

 

[driverC]

Thanks for your replies.

Ok so this means I will have to do the following:

- Fix ownerships
- Fix permissions
- Convert .htaccess rules

The only other thing that bothers me is that configuration files will still be chmod 644 and I don't see an easy way to change these to 600 whilst not breaking other applications. I mean there is no way how I can tell configuration files from application files which means I will have to leave those set to 644 which means they are still world readable and any user on any account can read out any other user's MySQL passwords.