Last updated: 2015-09-17
Introduction
suPHP is a tool for executing PHP scripts with the permissions of their owners.
It consists of two components:
- mod_suphp (Apache module)
- suphp (setuid root)
Diagram
apache --> mod_suphp --> suphp
Installation
yum install httpd-devel php-devel
cd /tmp
wget http://www.suphp.org/download/suphp-0.7.2.tar.gz
tar xvfz suphp-0.7.2.tar.gz
cd suphp-0.7.2/
./configure --prefix=/usr --sysconfdir=/etc --with-apr=/usr/bin/apr-1-config --with-apxs=/usr/sbin/apxs --with-apache-user=apache --with-setid-mode=owner --with-php=/usr/bin/php-cgi --with-logfile=/var/log/httpd/suphp_log --enable-SUPHP_USE_USERGROUP=yes
make
make install
Configuration files
/etc/httpd/conf.d/suphp.conf
LoadModule suphp_module modules/mod_suphp.so
/etc/suphp.conf
[global]
;Path to logfile
logfile=/var/log/httpd/suphp.log
;Loglevel
loglevel=info
;User Apache is running as
webserver_user=apache
;Path all scripts have to be in
docroot=/
;Path to chroot() to before executing script
;chroot=/mychroot
; Security options
allow_file_group_writeable=true
allow_file_others_writeable=false
allow_directory_group_writeable=true
allow_directory_others_writeable=false
;Check whether script is within DOCUMENT_ROOT
check_vhost_docroot=true
;Send minor error messages to browser
errors_to_browser=false
;PATH environment variable
env_path=/bin:/usr/bin
;Umask to set, specify in octal notation
umask=0077
; Minimum UID
min_uid=1001
; Minimum GID
min_gid=1001

[handlers]
;Handler for php-scripts
x-httpd-suphp="php:/usr/bin/php-cgi"
;Handler for CGI-scripts
x-suphp-cgi="execute:!self"
Once everything is configured, restart the service:
/etc/init.d/httpd restart
Apache setting
Enable suPHP only for a specific virtual host
httpd.conf
suPHP_Engine off
vhosts.conf
<VirtualHost>
    suPHP_Engine on
    # /path/to/server/config/php.ini
    suPHP_ConfigPath /path/to/server/config
    <Directory>
        suPHP_UserGroup foouser bargroup
    </Directory>
</VirtualHost>
Disable suPHP for a specific folder
<Directory /usr/share>
    suPHP_Engine off
</Directory>
Troubleshoot
Case 1:
[Thu Sep 17 11:52:41.297077 2015] [:error] [pid 13834] [client 115.160.172.18:51414] SoftException in Application.cpp:350: UID of script "/var/www/html/info.php" is smaller than min_uid
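Solution 1:
Check min_uid in /etc/suphp.conf: the owner of the script has a UID below that value. Change the script's owner to an account whose UID is at least min_uid, or lower min_uid to cover that owner. min_uid is what keeps scripts from running as root or a system account, so changing the owner is the safer of the two.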
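A pre-flight check for the error in Case 1, as an added example that is not part of the original notes or of suPHP itself. It approximates the owner and write-permission checks named by the [global] options above; the function names (load_policy, check_script, check_path) and the sample values are constructed for illustration.

```python
import configparser
import os
import stat
import sys

# Constructed sample: the relevant [global] values from the suphp.conf above.
SAMPLE_CONF = """
[global]
allow_file_group_writeable=true
allow_file_others_writeable=false
min_uid=1001
min_gid=1001
"""

def load_policy(conf_text):
    """Read the ownership and permission limits from suphp.conf text."""
    cp = configparser.ConfigParser(delimiters=("=",), comment_prefixes=(";",),
                                   interpolation=None)
    cp.read_string(conf_text)
    return {
        "min_uid": cp.getint("global", "min_uid"),
        "min_gid": cp.getint("global", "min_gid"),
        "group_w": cp.getboolean("global", "allow_file_group_writeable"),
        "others_w": cp.getboolean("global", "allow_file_others_writeable"),
    }

def check_script(policy, uid, gid, mode):
    """Return the reasons a script with this owner and mode would be refused."""
    problems = []
    if uid < policy["min_uid"]:
        problems.append("uid %d is smaller than min_uid %d" % (uid, policy["min_uid"]))
    if gid < policy["min_gid"]:
        problems.append("gid %d is smaller than min_gid %d" % (gid, policy["min_gid"]))
    if mode & stat.S_IWGRP and not policy["group_w"]:
        problems.append("file is group-writeable")
    if mode & stat.S_IWOTH and not policy["others_w"]:
        problems.append("file is writeable by others")
    return problems

def check_path(policy, path):
    """Apply check_script to a file on disk."""
    st = os.stat(path)
    return check_script(policy, st.st_uid, st.st_gid, st.st_mode)

if __name__ == "__main__":
    # Usage: python3 suphp_preflight.py /var/www/html/info.php ...
    with open("/etc/suphp.conf") as fh:
        policy = load_policy(fh.read())
    for p in sys.argv[1:]:
        print(p, check_path(policy, p) or "ok")
```

Running it over a document root before enabling suPHP_Engine lists the scripts that would fail with the min_uid error instead of finding them one request at a time in the Apache error log.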