View Single Post
Old 13th September 2008, 10:04
omry omry is offline
Junior Member
Join Date: Sep 2008
Posts: 23
Thanks: 3
Thanked 3 Times in 3 Posts

Originally Posted by till View Post
This is a matter of security. If all sites of a client share the same user, they will all be affected of a hack if one of the sites get hacked as the scripts of the site run under this user. neverthesless, all sites of a user share the same group, so als long as your files are grup writable, it can be accessed by the same user.
I understand your point, but personally I am willing to live with user level isolation.
is there any chance for this to be implemented, at least as an option?

Originally Posted by till View Post
This question you will have to ask the maintainer of the suphp packages. I have removed the suphp_UserGroup directive now. But this is not as secure as the configuration with Usergroup.

Without suphp_UserGroup setting, the php scripts are run under the user that owns the files. This is genrally fine as long as you uploaded the files with the correct user. But in case you (as root admin) coped some files from another website and forgot to chown the files, they will get wrong access priveliges, with suphp_UserGroup setting you would have got a 500 error in this case.
I see.
in fact this question should go to the suphp developer first, because the latest code he released does not allow proper usage of the suphp_UserGroup settings. I had to slightly change the code.
Reply With Quote