noimad1

Well-Known Member
Mar 27, 2003
626
0
166
It is my understanding that suPHP forces php scripts to run as the user right?

However, does this mean that we have to run php5 in cgi mode for the processes to show as the user?

The reason I ask is I have php5 running suPHP, but in dso mode, and the php processes are still showing as "nobody". Do I have to turn on cgi mode as well?
 

Spiral

BANNED
Jun 24, 2005
2,018
8
193
It is my understanding that suPHP forces php scripts to run as the user right?

However, does this mean that we have to run php5 in cgi mode for the processes to show as the user?

The reason I ask is I have php5 running suPHP, but in dso mode, and the php processes are still showing as "nobody". Do I have to turn on cgi mode as well?
I have been using SuPHP for a number of years now even back when phpSuExec
was still popular and was the only thing most people knew about despite the
general securitymess phpSuExec was making of things at the time under the
delusion of helping security. Unlike phpSuExec, SuPHP really does help in terms
of your general security and being able to track user script execution better.

Anyway, to answer your question and so you know how suPHP functions ...

1. PHP itself has to be compiled as a CGI in order to be linked to SuPHP.

2. SuPHP itself is an Apache DSO module that **CALLS** the PHP CGI binary
and executes it which the owner and permissions of the account from
where the PHP script is being executed.

So know you understand a little more how SuPHP functions. It is an Apache
module that calls the PHP CGI binary usually located at /usr/local/bin/php-cgi.
The PHP portion is run as a CGI binary and is **NOT** an Apache module!

(Side Note: I don't recommend FastCGI for servers running SuPHP)

Configured properly, SuPHP will give you a great boost in security and
allow you to more closely monitor script executions and keep log records
that trace back to account origins plus users will be better restricted
to their own accounts and not so easily wander into other user's accounts.
 
Last edited: