Running mod_php and suPHP same time

Question

I recently went from Debian Lenny with 5.2.x and was able to use mod_php for any php files that were not located in /home/ and suPHP for all the php files that were located in /home/.

I did this because I needed a default php.ini (given me all features of php) for my websites in /var/www/ and I didn't want to have to change the owner of all the .php files from root. I also had a default php.ini for all the /home/ php files without dangerous features.

This was I had setup:

    <IfModule mod_suphp.c>
        <Directory /home/>
                AddType application/x-httpd-php .php .php3 .php4 .php5
                suPHP_AddHandler application/x-httpd-php
                suPHP_Engine on

                suPHP_ConfigPath /home/shared/
        </Directory>
    </IfModule>

This was working perfect, but recently I upgraded to PHP to 5.3.5 from dotdeb (Lenny has no official php 5.3) . This had weird issues on lenny such as not display errors correctly and little tid bits. So I decided to upgrade from lenny to squeeze. Uninstalled php (along with it came suphp) and reinstalled with the new source. I now have 5.3.3-7 with Debian Squeeze but I cannot get mod_php and suPHP to run at the same time anymore. mod_php will always work and there are no errors in apache2 or suphp logs. If I disabled mod_php then suPHP will work.

Is there thing I am doing wrong?

Answer 1

I was able to accomplish what I was after by putting php_admin_flag engine Off at the top of the mod_suphp.c. Also I had to make sure I used suPHP_Engine off by default.

End result:

    <IfModule mod_suphp.c>
        <Directory /home/>
                php_admin_flag engine Off
                AddType application/x-httpd-php .php .php3 .php4 .php5
                suPHP_AddHandler application/x-httpd-php
                suPHP_Engine on

                suPHP_ConfigPath /home/shared/
        </Directory>
    </IfModule>

Just for those wondering, this is what I had for my /home/shared/php.ini they will be every /home users php.ini unless I specify differently in vhosts:

allow_url_fopen = Off 
display_errors = On 
display_startup_errors = On 
log_errors = On 
error_reporting = E_ALL 
error_log = "/var/log/apache2/php_user_errors.log"
expose_php = Off 
magic_quotes_sybase = Off 
register_globals = Off
open_basedir = "/home:/tmp"
short_open_tag = On
session.save_path = "/tmp"
disable_functions = "phpinfo, apache_child_terminate,apache_get_modules,apache_get_version,apache_getenv,apache_note,apache_setenv,curl_exec,curl_multi_exec,dir,disk_free_space,diskfreespace,dl,eval,exec,fsockopen,highlight_file,ini_alter,ini_restore,ini_set,openlog,parse_ini_file,passthru,pclose,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,readfile,set_time_limit,shell_exec,show_source,stream_socket_server,symlink,system,virtual"

Answer 2

I needed a default php.ini (given me all features of php) for my websites in /var/www/ and I didn't want to have to change the owner of all the .php files from root. I also had a default php.ini for all the /home/ php files without dangerous features.

Wouldn't it just be simpler to override the relevant ini settings in the httpd.conf configs (then allow override none to prevent them being changed in .htaccess?). Something like....

<Directory /home/*/public_html>
   AllowOverride FileInfo AuthConfig Limit
   Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
   php_admin_flag safe_mode On
   <Limit GET POST OPTIONS>
    Order allow,deny
    Allow from all
   </Limit>
   <LimitExcept GET POST OPTIONS>
    Order deny,allow
    Deny from all
   </LimitExcept>
</Directory>