How To Set Up suPHP On A Debian Etch Based ISPConfig Server

Submitted by Hans on Wed, 2007-04-18 14:29. :: ISPConfig | Apache | Control Panels | PHP

Version 1.1
Author: hans [at] bb-hosting [dot] org
Last edited 14/03/2008

In general, this howto is the same as my howto "How To Set Up suPHP On A Debian Sarge Based ISPConfig Server" at http://www.howtoforge.com/suphp_debian_ispconfig but it contains some small but important modifications for Debian Etch.

When you've set up suPHP on your ISPConfig server, you are able to run the PHP scripts under the admin user of the website instead of www-data.

Important: I have tested this howto on a Debian Etch server with ISPConfig 2.2.11 and PHP Version 5.2.0-8 for Apache 2.2.3, but I do not issue any guarantee that this will work for you!

First make a copy of your /etc/apache2/vhosts/Vhosts_ispconfig.conf. For example copy it to /etc/apache2/vhosts/Vhosts_ispconfig-backup.conf.

On a default ISPConfig server php5 is running as a module. Disable it with the command:

a2dismod php5

Now remove all the phpadmin entries within the original Vhosts_ispconfig.conf file. Restart Apache:

/etc/init.d/apache2 restart

As we removed all the phpadmin entries, you should not get any errors when Apache2 restarts.

We install suPHP as a DSO, so we must first install apxs (on Debian Etch it's apxs2):

apt-get install apache2-prefork-dev

Install PHP5-CGI:

apt-get install php5-cgi
cd /tmp

Install suPHP. Version 0.6.2 is the latest stable version at this time:

wget http://www.suphp.org/download/suphp-0.6.2.tar.gz
tar xvfz suphp-0.6.2.tar.gz
cd suphp-0.6.2
vi src/apache2/mod_suphp.c

Replace the lines 324/325 with these two lines below (if you use a different version of suPHP, the line numbers can be different):

AP_INIT_ITERATE("suPHP_AddHandler", suphp_handle_cmd_add_handler, NULL, RSRC_CONF | ACCESS_CONF, "Tells mod_suphp to handle these MIME-types"),

AP_INIT_ITERATE("suPHP_RemoveHandler", suphp_handle_cmd_remove_handler, NULL, RSRC_CONF | ACCESS_CONF, "Tells mod_suphp not to handle these MIME-types"),

Then we compile and install suPHP:

./configure --prefix=/usr --sysconfdir=/etc --with-apache-user=www-data --with-setid-mode=paranoid --with-apxs=/usr/bin/apxs2
make
make install

Copy the suphp.conf file:

cp /tmp/suphp-0.6.2/doc/suphp.conf-example /etc/suphp.conf

Change the content of /etc/suphp.conf, by using the command:

vi /etc/suphp.conf

It should look like this:

[global]
;Path to logfile
logfile=/var/log/suphp.log

;Loglevel
loglevel=info

;User Apache is running as
webserver_user=www-data

;Path all scripts have to be in
docroot=/

;Path to chroot() to before executing script
;chroot=/mychroot

; Security options
allow_file_group_writeable=true
allow_file_others_writeable=false
allow_directory_group_writeable=true
allow_directory_others_writeable=false

;Check wheter script is within DOCUMENT_ROOT
check_vhost_docroot=true

;Send minor error messages to browser
errors_to_browser=false

;PATH environment variable
env_path=/bin:/usr/bin

;Umask to set, specify in octal notation
umask=0077

; Minimum UID
min_uid=100

; Minimum GID
min_gid=100

[handlers]
;Handler for php-scripts
x-httpd-php=php:/usr/bin/php5-cgi

;Handler for CGI-scripts
x-suphp-cgi=execute:!self

Open /etc/apache2/httpd.conf with the command below and add the LoadModule line that follows it:

vi /etc/apache2/httpd.conf

LoadModule suphp_module       /usr/lib/apache2/modules/mod_suphp.so

Restart Apache, using the command:

/etc/init.d/apache2 restart

Edit /home/admispconfig/ispconfig/lib/config.inc.php and find the line:

$go_info["server"]["apache2_php"] = 'both';

and change to:

$go_info["server"]["apache2_php"] = 'suphp';

Now, within ISPConfig, make a small modification to one of your webs so that ISPConfig writes a new vhost file. For example, enable CGI scripts for one of your websites.

Within your /etc/apache2/vhosts/Vhosts_ispconfig.conf, you will see that ISPConfig has re-written the file, because the lines below are added for every single web:

suPHP_Engine on
suPHP_UserGroup username groupname
AddHandler x-httpd-php .php .php3 .php4 .php5
suPHP_AddHandler x-httpd-php
</VirtualHost>

Important: do not make any manual changes within your /etc/apache2/vhosts/Vhosts_ispconfig.conf file!

When you establish a connection via FTP, you'll see that you can set any permission within your web.

You're also able to run the PHP scripts under the admin user of the website instead of the system user www-data. This is more convenient for the admin user of the website. suPHP is also very useful when you run a CMS such as Joomla within your web. With suPHP enabled, Joomla will have enough permissions to function properly, while the admin user of the website has full control! Last but not least, using suPHP is a safer and more professional solution than using chmod 777 for your website!
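With allow_file_others_writeable=false, allow_directory_others_writeable=false, min_uid=100 and min_gid=100 in the /etc/suphp.conf above, suPHP refuses scripts that are left world-writable from an earlier chmod 777 or that are owned by a low UID/GID. The script below is an added example, not part of the original howto, that lists such files before you switch a web over; it assumes GNU find, and /var/www/webX/web is the placeholder path used on this page.

```shell
#!/bin/sh
# Added example: audit a web root against the suphp.conf shown in this howto.
# Assumes GNU find, where a numeric argument "-N" means "less than N".

# Files and directories writable by "others"; refused by suPHP while
# allow_file_others_writeable and allow_directory_others_writeable are false.
# Symlinks are skipped because their own mode bits always read as 777.
others_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Files and directories whose owner or group is below min_uid / min_gid.
below_min_ids() {
    find "$1" \( -type f -o -type d \) \( -uid "-$2" -o -gid "-$3" \) -print
}

# Print a report; return 0 only when nothing was flagged.
# Defaults mirror min_uid=100 and min_gid=100 from the config above.
suphp_audit() {
    docroot=$1
    min_uid=${2:-100}
    min_gid=${3:-100}
    ow=$(others_writable "$docroot")
    low=$(below_min_ids "$docroot" "$min_uid" "$min_gid")
    if [ -n "$ow" ]; then
        printf 'Writable by others:\n%s\n' "$ow"
    fi
    if [ -n "$low" ]; then
        printf 'Owner or group below %s/%s:\n%s\n' "$min_uid" "$min_gid" "$low"
    fi
    [ -z "$ow" ] && [ -z "$low" ]
}

# Run only when a web root is given, e.g.: sh suphp_audit.sh /var/www/webX/web
if [ "$#" -gt 0 ]; then
    suphp_audit "$@"
fi
```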

If you don't want to use php5-cgi+suPHP for a particular website on your ISPConfig server, there is a solution. Login to your server as root and enable the php5 module for Apache2:

a2enmod php5

Restart Apache2 with:

/etc/init.d/apache2 force-reload

Within ISPConfig, disable PHP for the site and add the following within the Apache directives field for your site:

<Directory /var/www/webX/web>
AddType application/x-httpd-php .php .php3 .php4 .php5
php_admin_flag safe_mode Off
</Directory>

Now your ISPConfig server on Debian Etch uses both PHP5 as a module and PHP5-CGI+suPHP. In most situations you'll only need PHP5-CGI+suPHP. However, if you cannot use the suPHP mechanism for some reason, you can still use php5 as a module for that particular website.


Submitted by Alex1 (registered user) on Tue, 2008-06-10 12:19.

upgrade the guide to use suphp-0.6.3

replace:

wget http://www.suphp.org/download/suphp-0.6.2.tar.gz
tar xvfz suphp-0.6.2.tar.gz
cd suphp-0.6.2
vi src/apache2/mod_suphp.c

with: 

wget http://www.suphp.org/download/suphp-0.6.3.tar.gz
tar xvfz suphp-0.6.3.tar.gz
cd suphp-0.6.3
vi src/apache2/mod_suphp.c

it works well also with latest version

Submitted by toolswizard (registered user) on Sun, 2007-08-19 13:19.

After performing the command apt-get install php5-cgi, mysql is no longer enabled. Since the tutorial is for suphp, and most of the questions that lead you here are related to ISPCONFIG, an optional step should be included to reinstall the php5 modules. To reinstall mysql, I issued the command apt-get install php5-mysql php5-mysqli --reinstall.

I discovered this issue after having a successful Mambo installation that now would give site not available error with a 1 at the bottom of the page.  Then running the mysqlcheck.php script also found on this site showed that the mysql.connect function could not be found.

Thank you for providing such excellent tutorials. I find them very useful and complete.

Submitted by steve1084 (registered user) on Fri, 2007-10-26 18:17.

After updating ispconfig I have found that some of the configuration settings for suphp can revert back to their original settings, so it's a good idea to check these settings after doing an ispconfig update.

Particularly the /home/admispconfig/ispconfig/lib/config.inc.php file can revert to its previous setting of 'Both' instead of 'suphp'.