[ubuntu-uk] PHP security

Chris Rowson christopherrowson at gmail.com
Fri Jun 11 00:00:17 BST 2010

>> I'm migrating a web server with a few sites from a CentOS based VPS
>> with a DirectAdmin control panel to an Ubuntu Lucid server. I'm not
>> incredibly bothered about losing the control panel, but I wondered if
>> anyone had any advice on securing PHP scripts so that scripts owned by
>> separate 'site owners' don't interfere with one another.
>> I've looked at suPHP & ITK-MPM but as I've not used either before I'm
>> not sure of the pros and cons.
>> Anyone out there running this kind of setup with any advice to offer?
> If you intend to run more than one site from this server, you might consider
> installing webmin and virtualmin. It'll make this easier.
> Install the "apache2-suexec" package if all web files are under /var/www and if
> you want PHP scripts to run as the user (site owner). If your files will be
> elsewhere, such as /home/domainname, install "apache2-suexec-custom" and
> configure it for the appropriate root.
> You'll need to run PHP as CGI or FastCGI. That means no Apache PHP module, and
> using the Apache worker or ITK MPM.
> Regards,
> Tyler
Thanks again Tyler, I'm going to have to start paying you consultancy!

I'll do some reading up on this. I've not really had to worry about
random users hosing a server with a dodgy PHP script before so it's
great to have somewhere to start!
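
The suexec-plus-FastCGI setup suggested in the quoted reply could look like the following. This is an added example, not configuration posted by anyone in the thread. The account names, hostnames, paths and the choice of mod_fcgid as the FastCGI module are assumptions.

```apache
# Constructed example: two sites, each running PHP as its own Unix account.
# Assumed packages: apache2-suexec, libapache2-mod-fcgid, php5-cgi.
# Assumed modules: suexec and fcgid enabled, the Apache PHP module disabled.
#
# Each site has a small wrapper script that suexec executes, e.g.
#   /var/www/site1/fcgi-bin/php-wrapper   (hypothetical path)
#       #!/bin/sh
#       exec /usr/bin/php5-cgi
# suexec refuses to run the wrapper unless the file and its directory are
# owned by the SuexecUserGroup account, are not writable by group or others,
# and sit under suexec's document root (/var/www for apache2-suexec).

<VirtualHost *:80>
    ServerName site1.example
    DocumentRoot /var/www/site1/public_html

    # PHP processes for this vhost run as site1:site1, not as www-data
    SuexecUserGroup site1 site1

    <Directory /var/www/site1/public_html>
        Options +ExecCGI
        AddHandler fcgid-script .php
        # Older mod_fcgid releases spell this directive FCGIWrapper
        FcgidWrapper /var/www/site1/fcgi-bin/php-wrapper .php
    </Directory>
</VirtualHost>

<VirtualHost *:80>
    ServerName site2.example
    DocumentRoot /var/www/site2/public_html

    # A different account, so site2's scripts cannot write site1's files
    SuexecUserGroup site2 site2

    <Directory /var/www/site2/public_html>
        Options +ExecCGI
        AddHandler fcgid-script .php
        FcgidWrapper /var/www/site2/fcgi-bin/php-wrapper .php
    </Directory>
</VirtualHost>
```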

