Weird, whatever I try to do I end up with php files not working correctly. I get asked to save them instead. I did try suphp first, as that did not work though I tried normal php4 and normal php5... none seem to work at all. Any ideas?
I finally got around to writing a guide for using suPHP on CPanel. I had to find my old notes for making it work, and I did go ahead and make a patch for the necessary modifications.
The guide is available at:
http://www.spareknet.org/howtos/suphp.php
Please note, this is completely outside of CPanel. It does not use the easyapache2 script and only applies for Apache 1.3. But maybe someone will find it useful.
The guide is available at:
http://www.spareknet.org/howtos/suphp.php
Please note, this is completely outside of CPanel. It does not use the easyapache2 script and only applies for Apache 1.3. But maybe someone will find it useful.
dude, i've been struggling with weak how-tos for suphp for a week now, and i've had to often resort to how-tos for other control panels (eek).
thanks for posting this, it'll be a big help
EDIT: btw, if you could consider adding support for the Suhosin patches from hardened-php.net, that would be awesome. Suhosin is binary compatible, so it no longer breaks things like the normal hardened-php patch would.
http://www.hardened-php.net/suhosin.127.html
thanks for posting this, it'll be a big help
EDIT: btw, if you could consider adding support for the Suhosin patches from hardened-php.net, that would be awesome. Suhosin is binary compatible, so it no longer breaks things like the normal hardened-php patch would.
http://www.hardened-php.net/suhosin.127.html
Last edited:
Thanks, I tried to read through the guide to make sure there were not any errors, but its always good to have an extra set of eyes. I've made some adjustments to the guide and the filenames should be represented correctly now.
I left out some of the steps such as downloading the source and extracting it. I believe there has to be some level of understanding of how to get this far. You have to draw a line somewhere. I considered the downloading and extracting of the source and patches as trivial. I also just say to edit the file, use whatever editor you feel like using, since you are not bound to use any particular text editor for changing the files.
I left out some of the steps such as downloading the source and extracting it. I believe there has to be some level of understanding of how to get this far. You have to draw a line somewhere. I considered the downloading and extracting of the source and patches as trivial. I also just say to edit the file, use whatever editor you feel like using, since you are not bound to use any particular text editor for changing the files.
agreed, gotta have the understanding, but also for those of us (such as myself) that has the understanding, but is lazy, hehehehe, it's nice to have the commands setup for copy/paste :D
anywho, just to let you know, i've got my server running with suphp now. your guide helped immensely, since I hadn't found any other resources that suggested suphp needed to be patched. (i used another guide for compiling my php to run under fastcgi, so i was only missing your suphp piece)
also, i placed the suphp.conf in /etc, I assume that's correct because I'm not seeing any errors.
right now i'm trying to work up a small sh script that i can run to change permissions for user's files (to preempt any permission/security issues)
anywho, just to let you know, i've got my server running with suphp now. your guide helped immensely, since I hadn't found any other resources that suggested suphp needed to be patched. (i used another guide for compiling my php to run under fastcgi, so i was only missing your suphp piece)
also, i placed the suphp.conf in /etc, I assume that's correct because I'm not seeing any errors.
right now i'm trying to work up a small sh script that i can run to change permissions for user's files (to preempt any permission/security issues)
Okay, here's my script for changing file ownership, and folder/file permissions, for all hosted users.
This took some trial/error on my part, as i'm not familiar with SH syntax. just a note, if user's have improperly named files/folders, such as "Albert's Album", this script won't be able to work with that file/folder (just saw that happen when i ran the script, lol)
anyways, if someone wants to make this script better, that'd be fine by me:
This took some trial/error on my part, as i'm not familiar with SH syntax. just a note, if user's have improperly named files/folders, such as "Albert's Album", this script won't be able to work with that file/folder (just saw that happen when i ran the script, lol)
anyways, if someone wants to make this script better, that'd be fine by me:
Code:
#!/bin/sh
cd /home
for file in *
do
if cd /home/$file/public_html; then
echo $file;
chown -R $file:$file * .*
for i in $( find . -name "*.php" ); do chmod 644 $i; done
for i in $( find . -type d ); do chmod 755 $i; done
fi
doneI see where you have one script that should work for this. I don't know if my script is any better, but I do have a script that does do such a thing at:intel352 said:
http://www.spareknet.org/scripts
Its a simple script, it does about the same thing that yours does, but it should accomodate files and directories that have spaces in them.
I have used hardened-php in the past but it always broke the Zend Optimizer (I think), so I stopped using it. I'm not sure if this is still the case or if this is referring to something different. If its just a PHP patch, then you should be able to apply the patch to the PHP source before you compile it.intel352 said:btw, if you could consider adding support for the Suhosin patches from hardened-php.net, that would be awesome. Suhosin is binary compatible, so it no longer breaks things like the normal hardened-php patch would.
http://www.hardened-php.net/suhosin.127.html
nice script, only one difference i can see, yours doesn't chmod individual files. if you would add in a line to chmod files that are 666 back to 644, you should then reference that script in your How-To, for admins that are upgrading existing servers
Suhosin comes in 2 parts that can be used separately or together. 1 part is a patch that is applied to remove some insecurities at a low level, the other part is essentially the hardened-php old-style patch, but now written as an extensionsparek-3 said:
it doesn't conflict with Zend at all, works find on my server. suhosin is a new project, but i've had no issues so far. prevents remote includes and whatnot, nice to have a hardened php without the breakage
but yes, it's simple to install, just thought it would be nice to see your how-to go the distance for providing a secured php
I glanced over the howto.. it's nicely written, but you're making some compromises which could be disasterous.sparek-3 said:
first, running the cli version of php in a cgi environment is a bad idea.. I know they seem similar, but there are different versions for good reason...the cli version has less tight security requirements--while the paranoid cli security might seem overkill there's logic in it.
secondly, and the real issue (I'm personally indifferent as to whether or not you use cli/cgi versions to be honest), is the /usr/cgiphp/php-source.sh file.
by echoing the Content-Type, you're precluding CGI from delivering non text/html content without confusing the browser.
That was the solution posted to the suphp mailing list regarding PHP source files. I agree and like the howto says its really a feature that I just put into the guide, its the newest feature of the howto and thus less tested and I'll say I'm less versed in its solution. That part of the guide can be safely left out. If you don't add a .phps handler then .phps file will still be shown, the code will be displayed in a browser, it just won't be in syntax highlighted, it will just be plain text.
I will put up a notice regarding that feature in the guide. I wasn't really sure how many people actually used PHP source files. I'm sure that if you are hosting a PHP developer then he will need or want this feature, but other than that, I'm not sure how widely used PHP source files really are.
If you feel that it is too much of a security risk, you can safely leave it out and suPHP will continue to function without it.
I will put up a notice regarding that feature in the guide. I wasn't really sure how many people actually used PHP source files. I'm sure that if you are hosting a PHP developer then he will need or want this feature, but other than that, I'm not sure how widely used PHP source files really are.
If you feel that it is too much of a security risk, you can safely leave it out and suPHP will continue to function without it.
Could you tell me why I received:
Syntax error on line 932 of /usr/local/apache/conf/httpd.conf:
suPHP_AddHandler not allowed here
Best regards,
Mariusz Jokiel
Syntax error on line 932 of /usr/local/apache/conf/httpd.conf:
suPHP_AddHandler not allowed here
Best regards,
Mariusz Jokiel
| Thread starter | Similar threads | Forum | Replies | Date |
|---|---|---|---|---|
| C | Php-fpm & cgi vs suPHP | Web Servers and Applications | 3 | |
| M | DSO and suPHP for php5? | Web Servers and Applications | 1 | |
| T | suphp php4+php5 | Web Servers and Applications | 0 | |
| B | SuPHP+PHP5+Apache 2.0 | Web Servers and Applications | 2 | |
| W | MIMETypes/AddHandler Apache2, suPHP and PHP5 | Web Servers and Applications | 6 |