[ubuntu-uk] PHP security
Tyler J. Wagner
tyler at tolaris.com
Thu Jun 10 23:48:42 BST 2010
On Thursday 10 June 2010 23:19:28 Chris Rowson wrote:
> I'm migrating a web server with a few sites from a CentOS based VPS
> with a DirectAdmin control panel to an Ubuntu Lucid server. I'm not
> incredibly bothered about losing the control panel, but I wondered if
> anyone had any advice on securing PHP scripts so that scripts owned by
> separate 'site owners' don't interfere with one and other.
>
> I've looked at suPHP & ITK-MPM but as I've not used either before I'm
> not sure of the pros and cons.
>
> Anyone out there running this kind of setup with any advice to offer?
If you intend to run more than one site from this server, you might consider
installing webmin and virtualmin. It'll make this easier.
Install the "apache2-suexec" package if all web files are under /var/www and if
you want PHP scripts to run as the user (site owner). If your files will be
elsewhere, such as /home/domainname, install "apache2-suexec-custom" and
configure it for the appropriate root.
You'll need to run PHP as cgi or fastcgi. That means no Apache PHP module, and
using the Apache worker or ITK MPM.
Regards,
Tyler
--
"One of the main causes of the fall of the Roman Empire was that,
lacking zero, they had no way to indicate successful termination of
their C programs."
-- Robert Firth
More information about the ubuntu-uk
mailing list