suphp to dso : what should I watch out for?

[netentropy]

I am moving my php handler from suphp to dso so I can use APC. I run mostly Drupal sites and only for myself. Are there any pitfalls I should be wary of?

 

[johnkata]

Hi,

You're (poissibly) going to run into permissions issues when it comes to file uploads. suPHP is nice because the upload directory can be owned by the user with more restrictive permissions than DSO. When running DSO, the upload directory needs to be owned by 'nobody' or have 777 permissions in order for PHP to save uploaded files to it.

Also, if you've created a custom php.ini file in any account to modify global PHP settings, you'll need to add your modified settings to .htaccess as "php_value" directives, as DSO doesn't check for local php.ini files.

 

[netentropy]

Hi,

You're (poissibly) going to run into permissions issues when it comes to file uploads. suPHP is nice because the upload directory can be owned by the user with more restrictive permissions than DSO. When running DSO, the upload directory needs to be owned by 'nobody' or have 777 permissions in order for PHP to save uploaded files to it.

Also, if you've created a custom php.ini file in any account to modify global PHP settings, you'll need to add your modified settings to .htaccess as "php_value" directives, as DSO doesn't check for local php.ini files.

Thanks! Could you talk a bit about the 777 permission issues on uploads and how this is or is not a bad thing. This is the only thing keeping me from making the move and I do not see how it would be such a problem.

Folks say it is a security risk but how is it more of a security risk than if someone new your suphp username and password and utilized it.

Do you mean others on the same server would be able to use this directory? And if so, if I am the only one on the server does that even matter?