13

While I'm quite comfortable as a Linux user, my Linux Admin-fu is a bit weak. Thus, I'm here looking for guidance with a CentOS server I'm about to build.

I need to set up an Apache2 web server for a few of our clients. I want each client's web content to be under their home directory (USERDIR in apache.conf, right?) for the static HTML sites. I want Apache to run as the client (suexec?). Some of their stuff will be PHP apps and I'm under the impression I'll want to look at suphp as well then.

So basically I want to look like a small version of a shared web hosting company. Considering how common those are I thought I'd easily find a nice current How-To guide on setting this all up but so far I've had very little luck. I suspect my search words are off.

So the questions (feel free to answer any or all):

  1. Anyone have some solid links to current/modern guides that would help me set this all up? No, the apache documentation site is not a guide ;-)
  2. Since I have a mix of static sites and PHP apps do I want/need both suexec and suphp installed? If so, does that introduce any challenges I should be aware of?
  3. Should I be looking at other options instead of suexec and suphp?

I plan to give the end users SSH, SFTP or SCP access to their stuff (if that affects anything).

Thanks in advance for your help.

[Edit] I should have mentioned this earlier: One key goal of my quest to emulate a shared hosting provider relates to file perms and ownership. I'd really like to avoid having to teach users about needing to change such things just to see their additions / changes.

Chris_K

1 Answer

15

Using suexec and suphp enforces a different type of privilege separation than the default.

The default is to separate the user's permission from the web server. That is, the user owns the files, and he has to grant the web server permission to view and change them.

The suexec/suphp model is that the webserver (when running scripts) runs under the user's account, so the website has permission to do anything that the user has permission to do. To a certain degree, this removes the separation between the user and the webserver, but in exchange it enforces a DIFFERENT separation: that is, between the website of one user and the website of a different user on the same box.

By default, PHP always runs under Apache's user account, so one website's PHP scripts can access any files that another site's PHP scripts can. Therefore, if one account on the server gets hacked, the infection can spread to the others. SuPHP prevents this.

Neither suexec nor suphp will affect the way Apache serves static content. All the old rules still apply. Instead, suexec and suphp change the account under which CGI and PHP (respectively) will run. Suexec makes CGI executables run under the owner's account, while SuPHP makes PHP scripts run under the owner's account.

Suexec and SuPHP aren't necessarily better. They're just different. They won't prevent a website from being hacked (and arguably might make the site easier to hack), but they will prevent a compromise on one site from spreading to all the others. To the site administrator, this isolation is arguably more important, which is why some shared hosting systems make suexec and suphp the default.

One extremely common "gotcha" is that SuPHP checks the ownership and permissions of a script before it runs, and will return a 500 error if the permissions aren't appropriate.

In particular:

  • The owner and group of the file must match the website owner (as set in the Apache configuration)
  • The file must not be world-writable
  • The parent directory must not be world-writable
tylerl
  • So, knowing that I want to emulate a shared hosting model (as you pointed out, keeping the users from each other) is the suexec/suphp model the way I want to go or do you feel there are better options? I've also edited the post to indicate that one key goal is to avoid teaching users about having to modify file perms or owners just to see their changes or additions. – Chris_K Apr 02 '10 at 23:46
  • suexec/suphp is a good solution for what you're after. – tylerl Apr 03 '10 at 08:06
  • I would prefer suphp to suexec. It's safer I think. – Vladislav Rastrusny Apr 23 '10 at 11:18
  • @FractalizeR: Normally you use both at the same time. SuPHP is for PHP, suexec is for CGI. You can run PHP over suexec by running PHP as a CGI, but that's a bit unnecessary since better (more secure, more efficient) options for PHP exist. – tylerl Apr 27 '10 at 10:45
  • @tylerl: Thank you very much for your answer. What are the more secure/efficient solutions for PHP you are referring to? – benjamin Mar 20 '11 at 11:43
  • @benjamin: Everything is more efficient than CGI. If you're looking for an alternative with similar attributes, fastcgi is probably the way to go. It's a favorite for large sites, particularly when coupled with an efficient webserver like nginx. – tylerl Mar 21 '11 at 01:53
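
The three suPHP checks listed in the answer above (owner/group match, script not world-writable, parent directory not world-writable) can be audited before users hit the 500 error. This is an added example, not part of the original answer or of suPHP itself; the function name `suphp_audit`, its arguments and the `*.php` filter are assumptions.

```sh
#!/bin/sh
# Added example (not from the original answer): list paths under a site's
# document root that would fail the three suPHP checks described above.
# Assumption: scripts are the *.php files; adjust -name for other handlers.
# usage: suphp_audit DOCROOT OWNER GROUP   (names or numeric IDs)
# Returns 0 when nothing is flagged, 1 when at least one path is.
suphp_audit() {
    docroot=$1 owner=$2 group=$3
    findings=$(
        # Check 1: owner and group must match the site owner.
        find "$docroot" -type f -name '*.php' \
            \( ! -user "$owner" -o ! -group "$group" \) \
            -exec printf 'OWNER/GROUP  %s\n' {} +
        # Check 2: the script itself must not be world-writable.
        find "$docroot" -type f -name '*.php' -perm -0002 \
            -exec printf 'WORLD-WRITABLE FILE  %s\n' {} +
        # Check 3: the directory holding a script must not be
        # world-writable. Every world-writable directory is listed,
        # including ones that hold no scripts yet.
        find "$docroot" -type d -perm -0002 \
            -exec printf 'WORLD-WRITABLE DIR  %s\n' {} +
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Run directly: sh suphp_audit.sh /home/alice/public_html alice alice
# (path and account names here are placeholders).
if [ "$#" -eq 3 ]; then
    suphp_audit "$@"
fi
```

Running it per account from cron and fixing what it reports supports the goal stated in the question of not having users manage permissions themselves.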