官方網站: http://www.suphp.org/
suPHP install Documentation
Installation
1. Introduction
The suPHP Apache module together with suPHP itself provides an easy way to run PHP scripts with different users on the same server.
It provides security, because the PHP scripts are not run with the rights of the webserver‘s user.
In addition to that you probably won‘t have to use PHP‘s "safe mode", which applies many restrictions on the scripts.
Please note that the suPHP binary has to be installed setuid-root to work, so a security bug in suPHP probably will allow atackers to run commands with root privileges. Although I currently don‘t know any bug in suPHP I can‘t guarantee that there aren‘t any.
2. Installation
Run ./configure with the appropriate paramters for your system.
On most systems a
./configure --prefix=/usr
will suffice.
The configure script can take the familar GNU autoconf arguments plus the following suPHP specific ones:
--disable-checkpath:
With this compile time option suPHP does not check, whether a script (or a symink to it)is inside the DOCUMENT_ROOT. You may want to activate this option if you are working with "Alias"-directives.
--disable-checkuid:
You may specify this option to make suPHP work with scripts whose UIDs are not listed in /etc/passwd.
--disable-checkgid:
You may specify this option to make suPHP work with scripts whose GIDs are not listed in /etc/group.
--with-apxs=FILE:
Path to "apxs" of your Apache installation. If not specified, configure will look for apxs in your PATH. Without apxs the Apache module mod_suphp will not be built. It will not be built either, if your Apache has been compiled without DSO support. Please make sure you specify the right path to apxs, because suPHP will use apxs to check whether to build mod_suphp for Apache 1 or Apache 2.
--with-min-uid=UID:
The minium UID that suPHP will allow PHP to run scripts with (defaults to 100).
--with-min-gid=GID:
The minium GID that suPHP will allow PHP to run scripts with (defaults to 100).
--with-apache-user=USERNAME:
Username (not UID) Apache is running as (defaults to wwwrun).
--with-php=FILE:
Path to PHP interpreter "php" (defaults to /usr/bin/php).
--with-logfile=FILE:
Path to the suPHP logfile (defaults to /var/log/httpd/suphp_log).
--with-setid-mode=MODE:
MODE has to be one of: "owner": Run scripts with owner UID/GID "force": Run scripts with UID/GID specified in Apache configuration (only supported when using Apach 2) "paranoid": Run scripts with owner UID/GID but also check if they match the UID/GID specified in the Apache configuration
Now compile suPHP using "make" and if no error occured install it using "make install". Be sure to be root, when you try to install it.
If your Apache is running with DSO support and "apxs" was found during the build process, you are done. Otherwise you have to rebuilt your Apache server with "mod_suphp.c" included. If you used another prefix during the suPHP build than "/usr", you have to modify "mod_suphp.c" to set the path to the suPHP executable (which you can find in $exec_prefix/sbin/suphp).
Details on how to compile your Apache webserver with mod_suphp can be found in apache/INSTALL.
Now, the only thing you have to do, is to modify your "httpd.conf" to activate suPHP for specific VHosts. See apache/CONFIG for details on this.
./configure --with-setid-mode=paranoid --with-min-uid=100 --with-min-gid=100
--with-apache-user=apache --with-logfile=/var/log/httpd/suphp_log
--with-apxs= /usr/local/apache/bin/apxs --with-apr=/usr/bin/apr_config
make
make install
httpd.conf 配置
编辑httpd.conf
LoadModule setenvif_module libexec/mod_setenvif.so
#LoadModule php4_module libexec/libphp4.so
LoadModule suphp_module libexec/mod_suphp.so
#LoadModule limitipconn_module libexec/mod_limitipconn.so
#LoadModule suphp_module libexec/mod_suphp.so
# Reconstruction of the complete module list from all available modules
# (static and shared ones) to achieve correct module execution order.
# [WHENEVER YOU CHANGE THE LOADMODULE SECTION ABOVE Update THIS, TOO]
ClearModuleList
#AddModule mod_php4.c
AddModule mod_suphp.c
#AddModule mod_limitipconn.c
#AddType application/x-httpd-php3 .php3
#AddType application/x-httpd-php .php
suPHP_Engine on
AddHandler x-httpd-php .php
AddHandler x-httpd-php .php3
suphp.conf样式:
[global]
logfile=/var/log/suphp.log
loglevel=info
webserver_user=wwwrun
docroot=/srv/www/vhosts
allow_file_group_writeable=false
allow_file_others_writeable=false
allow_directory_group_writeable=false
allow_directory_others_writeable=false
check_vhost_docroot=false
errors_to_browser=false
env_path=/bin:/usr/bin
umask=0022
min_uid=30
min_gid=30
[handlers]
x-httpd-php=php:/usr/bin/php5-cgi
x-suphp-cgi=execute:!self
.
- 上一篇:.net 出现找不到指定的模块Exception from HRESULT:0x8007007E
- 下一篇:Microsoft VBScript runtime error 800a0005 错误的处理