And is it necessary? I've read a bunch of pages on it and I can't for the life of me actually figure it out, as opposed to what apache and just plain old php already do.
Asked
Active
Viewed 406 times
1 Answers
7
It starts php processes as the owner of the .php being executed. Apache + php by default are running as a pre-defined user in the apache config. (typically www-data, apache or httpd). If you have files that are owned by a specific user, or want to setup distinct permissions for multiple users' sites... you can create a user for each site, and set permissions in the directory structure based on each user... rather than ensuring the apache user/group have permissions to access the files.
For example... if I have a php file owned by "bob" and it makes changes in a directory with group/owner set to bob, ... the apache probably can't write to the directory unless the permissions bit-mask gives rwx to the directory and files. With suPHP, the php file is run under "bob"'s account rather than apache's account... and the script can do anything "bob" can.
TheCompWiz
- 7,349
- 16
- 23
-
Php is reading files as being writable even though CHMOD is set to 555. Could SuPHP be doing that? – Citizen Aug 31 '11 at 18:48
-
Absolutely. By default, even if you change the owner's permissions to 0, the owner still maintains full access of the files. – TheCompWiz Aug 31 '11 at 18:52
-
Thanks! Doesn't that create a security issue? Is it OK if I remove suphp from the server? – Citizen Sep 01 '11 at 23:33
-
It depends on you honestly, in some instances where you want to allow php full access to the most/all files contained within the scope of the user owning the files... or are operating within some sort of jailed apache config... this might be ideal. I personally wouldn't do such. – TheCompWiz Sep 07 '11 at 20:34